I found this through my LinkedIn feed today. While I’m not normally one for metaphors, this one is very apt.
This might be the source, but I’m not sure; Google searches list it appearing in a lot of places. If you know, please let me know!
Since I wrestle with this about once per month, here is the IAM policy to allow full user access to an S3 bucket.
{
"Statement":[
{
"Effect":"Allow",
"Action":[
"s3:ListAllMyBuckets"
],
"Resource":"arn:aws:s3:::*"
},
{
"Effect":"Allow",
"Action":[
"s3:ListBucket",
"s3:GetBucketLocation"
],
"Resource":"arn:aws:s3:::bucket-name"
},
{
"Effect":"Allow",
"Action":[
"s3:PutObject",
"s3:GetObject",
"s3:DeleteObject"
],
"Resource":"arn:aws:s3:::bucket-name/*"
}
]
}