aws s3 policy setting

 

trying to set AWS S3 policy and i would have thought if i were to set it directly in the s3 bucket itself, i won't have to add a resource. Boy was i wrong.

This policy was the one that works, after so many time messing around with it. So the principal must be valid ARN. The resource too must be a legit ARN resource. 

In this example, i am denying user from uploading. Even though this user is configure to have ALL s3 permission by default, having this policy blocks the principal from uploading to this bucket.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "PolicyForDenyUploadWithACL",
            "Effect": "Deny",
            "Principal": {
                "AWS": "must-be-a-valid-arn-pricipal"
            },
            "Action": "s3:PutObject",
            "Resource": "must-be-a-valid-arn-resource/*"
        }
    ]
}



Comments

Post a Comment

Popular posts from this blog

The specified initialization vector (IV) does not match the block size for this algorithm

Image
If you're getting  exception when trying to assigned key to a symmetric key and getting error message below :- The specified initialization vector (IV) does not match the block size for this algorithm And your code probably look like something below :- Then you need to go into debug mode and start looking into the supported size for IV as shown in diagram below :- As you can see, IV is 16 bytes, so you need to provide 16 bytes. The same goes for Key field too, if you're adding anything to it. As long as you provide a valid key size, then we're good and you're code will be ready.
Read more