1.    Create an S3 bucket with an Access Control List with no public access, but with root account access and access from the current user.

2.    Modify the Bucket Policy to be of this form. Details of how to determine the values of the highlighted text may be found here: How to Restrict Amazon S3 Bucket Access to a Specific IAM Role.

A summary follows, for AWS experts, of how to derive the values:

775488040364 AWS Account number

lansa-secure S3 Secure Bucket name

AROAI4S5N5QLPZ5QHQIJ2 RoleId of paas-ec2 (aws iam get-role --role-name ROLE-NAME)

AIDAJFF4TKJHEGHMMDUUQ IAM UserId of the administrator (aws iam get-user --user-name USER-NAME)

{
   "Version": "2012-10-17",
   "Statement": [
       {
           "Effect": "Allow",
           "Principal": {
               "AWS": "arn:aws:iam::775488040364:role/paas-ec2"
           },
           "Action": "s3:ListBucket",
           "Resource": "arn:aws:s3:::lansa-secure"
       },
       {
           "Effect": "Allow",
           "Principal": {
               "AWS": "arn:aws:iam::775488040364:role/paas-ec2"
           },
           "Action": [
               "s3:GetObject",
               "s3:PutObject",
               "s3:DeleteObject"
           ],
           "Resource": "arn:aws:s3:::lansa-secure/*"
       },
       {
           "Effect": "Deny",
           "Principal": "*",
           "Action": "s3:*",
           "Resource": [
               "arn:aws:s3:::lansa-secure",
               "arn:aws:s3:::lansa-secure/*"
           ],
           "Condition": {
               "StringNotLike": {
                   "aws:userId": [
                       "AROAI4S5N5QLPZ5QHQIJ2:*",
                       "AIDAJFF4TKJHEGHMMDUUQ",
                       "775488040364"
                   ]
               }
           }
       }
   ]
}
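
As an added example (not part of the original page), the Python script below rebuilds the policy from the four values in the summary and checks which aws:userId values pass the Deny statement's StringNotLike condition. The function names and the two "EXAMPLE" caller IDs are constructed for illustration, and fnmatchcase is used as an approximation of IAM's wildcard matching.

```python
import json
from fnmatch import fnmatchcase

# Values taken from the page's summary.
ACCOUNT = "775488040364"
BUCKET = "lansa-secure"
ROLE_NAME = "paas-ec2"
ROLE_ID = "AROAI4S5N5QLPZ5QHQIJ2"
ADMIN_USER_ID = "AIDAJFF4TKJHEGHMMDUUQ"


def build_policy(account, bucket, role_name, role_id, admin_user_id):
    """Assemble the bucket policy in the form shown on the page."""
    role_arn = f"arn:aws:iam::{account}:role/{role_name}"
    bucket_arn = f"arn:aws:s3:::{bucket}"
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow", "Principal": {"AWS": role_arn},
             "Action": "s3:ListBucket", "Resource": bucket_arn},
            {"Effect": "Allow", "Principal": {"AWS": role_arn},
             "Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"],
             "Resource": f"{bucket_arn}/*"},
            {"Effect": "Deny", "Principal": "*", "Action": "s3:*",
             "Resource": [bucket_arn, f"{bucket_arn}/*"],
             "Condition": {"StringNotLike": {"aws:userId": [
                 f"{role_id}:*", admin_user_id, account]}}},
        ],
    }


def explicitly_denied(policy, user_id):
    """True when user_id matches none of the StringNotLike patterns.

    fnmatchcase stands in for IAM's case-sensitive * and ? matching
    (simplification: fnmatch also treats [ ] as a character class).
    """
    deny = next(s for s in policy["Statement"] if s["Effect"] == "Deny")
    patterns = deny["Condition"]["StringNotLike"]["aws:userId"]
    return not any(fnmatchcase(user_id, p) for p in patterns)


if __name__ == "__main__":
    policy = build_policy(ACCOUNT, BUCKET, ROLE_NAME, ROLE_ID, ADMIN_USER_ID)
    print(json.dumps(policy, indent=2))
    # Constructed caller identities; the two "EXAMPLE" IDs are made up.
    for uid in (f"{ROLE_ID}:i-0123456789abcdef0", ADMIN_USER_ID, ACCOUNT,
                "AIDAEXAMPLEOTHERUSER00", "AROAEXAMPLEOTHERROLE0:sess"):
        print(f"{uid:45} denied={explicitly_denied(policy, uid)}")
```

A role session's aws:userId has the form RoleId:session-name, which is why the role entry ends in ":*". Any caller not matched by the three entries, including other IAM administrators in the account, is denied by the third statement regardless of their IAM permissions.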