Hi bro I created a bucket & then tried assigning permissions using the policy generator I applied policy under AWS S3 -> buckentname -> permissions-> bucket policy. I could see the policy was in effect when I run the command aws s3 ls s3://bucketname on that specific user through cli. my query was that when i go to the IAM users & go to the specific user for whom i created the policy I don't see that permissions reflecting over there I am a bit confused can you help. the policy I created is something like this { "Version": "2012-10-17", "Id": "Policy161915878999", "Statement": [ { "Sid": "Stmt1619158731311", "Effect": "Allow", "Principal": { "AWS": "arn:aws:iam::00000000:user/roy" }, "Action": [ "s3:GetBucketLocation", "s3:GetObject", "s3:ListBucket" ], "Resource": [ "arn:aws:s3:::demo-3s-bucket", "arn:aws:s3:::demo-3s-bucket/*" ] } ] }
Hi Roy, Thanks for this question. There are two types of access policy, resource-based and user-based. In your case, you had set a resource-based policy. In such a case the control goes to s3, which decides who can access your bucket or object. Therefore, the scope of your policy limited to bucket policy and it is not elevated to user policy(or IAM). Hope I answer your question. Enjoy learning and please subscribe to my channel. All the best !!!
Hi bro I created a bucket & then tried assigning permissions using the policy generator I applied policy under AWS S3 -> buckentname -> permissions-> bucket policy. I could see the policy was in effect when I run the command aws s3 ls s3://bucketname on that specific user through cli. my query was that when i go to the IAM users & go to the specific user for whom i created the policy I don't see that permissions reflecting over there I am a bit confused can you help. the policy I created is something like this
{
"Version": "2012-10-17",
"Id": "Policy161915878999",
"Statement": [
{
"Sid": "Stmt1619158731311",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::00000000:user/roy"
},
"Action": [
"s3:GetBucketLocation",
"s3:GetObject",
"s3:ListBucket"
],
"Resource": [
"arn:aws:s3:::demo-3s-bucket",
"arn:aws:s3:::demo-3s-bucket/*"
]
}
]
}
Hi Roy, Thanks for this question.
There are two types of access policy, resource-based and user-based. In your case, you had set a resource-based policy.
In such a case the control goes to s3, which decides who can access your bucket or object. Therefore, the scope of your policy limited to bucket policy and it is not elevated to user policy(or IAM).
Hope I answer your question.
Enjoy learning and please subscribe to my channel.
All the best !!!
@@itech4253 Thanks bro for responding & resolving my query appreciate it 👍 yes I am subscribing to your channel waiting for more tutorials from you.