1.    Create an S3 bucket with an Access Control List with no public access, but with root account access and access from the current user.

2.    Modify the Bucket Policy to be of this form. Details of how to determine the values of the highlighted text may be found here: How to Restrict Amazon S3 Bucket Access to a Specific IAM Role (https://aws.amazon.com/blogs/security/how-to-restrict-amazon-s3-bucket-access-to-a-specific-iam-role/).

A summary follows, for AWS experts, of how to derive the values:

775488040364             AWS Account number

lansa-secure             S3 Secure Bucket name

AROAI4S5N5QLPZ5QHQIJ2    RoleId of paas-ec2 (aws iam get-role --role-name ROLE-NAME)

AIDAJFF4TKJHEGHMMDUUQ    IAM UserId of the administrator (aws iam get-user --user-name USER-NAME)

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::775488040364:role/paas-ec2"
            },
            "Action": "s3:ListBucket",
            "Resource": "arn:aws:s3:::lansa-secure"
        },
        {
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::775488040364:role/paas-ec2"
            },
            "Action": [
                "s3:GetObject",
                "s3:PutObject",
                "s3:DeleteObject"
            ],
            "Resource": "arn:aws:s3:::lansa-secure/*"
        },
        {
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:*",
            "Resource": [
                "arn:aws:s3:::lansa-secure",
                "arn:aws:s3:::lansa-secure/*"
            ],
            "Condition": {
                "StringNotLike": {
                    "aws:userId": [
                        "AROAI4S5N5QLPZ5QHQIJ2:*",
                        "AIDAJFF4TKJHEGHMMDUUQ",
                        "775488040364"
                    ]
                }
            }
        }
    ]
}
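
The following is an added example, not part of the original page: it fills the policy form from the four derived values and checks which callers the Deny statement catches. The helper names and the caller IDs in the loop are constructed for illustration, and the check models only the Deny statement's aws:userId condition, not the full IAM evaluation.

```python
import json
import re

def build_policy(account, bucket, role_name, role_id, admin_user_id):
    """Fill the bucket policy form with the four derived values."""
    role_arn = f"arn:aws:iam::{account}:role/{role_name}"
    bucket_arn = f"arn:aws:s3:::{bucket}"
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow", "Principal": {"AWS": role_arn},
             "Action": "s3:ListBucket", "Resource": bucket_arn},
            {"Effect": "Allow", "Principal": {"AWS": role_arn},
             "Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"],
             "Resource": f"{bucket_arn}/*"},
            {"Effect": "Deny", "Principal": "*", "Action": "s3:*",
             "Resource": [bucket_arn, f"{bucket_arn}/*"],
             "Condition": {"StringNotLike": {"aws:userId": [
                 f"{role_id}:*", admin_user_id, account]}}},
        ],
    }

def like(pattern, value):
    """IAM StringLike: '*' matches any run of characters, '?' exactly one."""
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, value, re.DOTALL) is not None

def denied_by_policy(policy, user_id):
    """True if an explicit Deny applies: aws:userId matches none of the patterns."""
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Deny":
            continue
        patterns = stmt["Condition"]["StringNotLike"]["aws:userId"]
        if not any(like(p, user_id) for p in patterns):
            return True
    return False

POLICY = build_policy("775488040364", "lansa-secure", "paas-ec2",
                      "AROAI4S5N5QLPZ5QHQIJ2", "AIDAJFF4TKJHEGHMMDUUQ")

if __name__ == "__main__":
    print(json.dumps(POLICY, indent=4))
    # Constructed caller IDs: role session, administrator, root, two outsiders.
    for uid in ["AROAI4S5N5QLPZ5QHQIJ2:i-0123456789abcdef0", "AIDAJFF4TKJHEGHMMDUUQ",
                "775488040364", "AROAEXAMPLEOTHERROLE1:session", "AIDAEXAMPLEOTHERUSER1"]:
        print(f"{uid:45} {'DENIED' if denied_by_policy(POLICY, uid) else 'not denied'}")
```

A role session presents aws:userId as the RoleId followed by a colon and the session name, which is why the policy lists the RoleId with a trailing ":*" rather than the bare RoleId.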