Adding inline policy to access S3 for AWS SSO


I have a permission set created in AWS, and I am creating an INLINE policy where I want to give access to a specific bucket.

When I try the policy below it works fine, which is something I don't want; however, when I add a resource like the ARN arn:aws:s3:::bucket_name or arn:aws:s3:::*data* it shows me insufficient privilege and I am not able to access.

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Action": [
                    "s3:*"
                ],
                "Resource": [
                    "*"
                ]
            }
        ]
    }

The policy I am using which is not working:

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Action": "s3:*",
                "Resource": [
                    "arn:aws:s3:::data*",
                    "arn:aws:s3:::data*/*"
                ]
            }
        ]
    }

There are 2 best solutions below

Answer from Marcin:

The policy should be:

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Action": "s3:*",
                "Resource": [
                    "arn:aws:s3:::BUCKET-NAME",
                    "arn:aws:s3:::BUCKET-NAME/*"
                ]
            }
        ]
    }
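An added check, not part of the question or of either answer: both bucket-scoped forms (the exact-name form in the answer above and the `data*` prefix form in the question) grant bucket-level and object-level actions, but neither grants `s3:ListAllMyBuckets`, which is account-level and only matches `Resource: "*"`; the S3 console calls it first to draw the bucket list, which is one reason a bucket-scoped policy can show an "insufficient permissions" banner while `aws s3 ls s3://bucket` from the CLI works. Also, `s3:*` on a bucket is far broader than least privilege. The Python below is a simplified local evaluator of the IAM Allow/Deny/wildcard rules (no conditions, `NotAction`, resource policies or permission boundaries) run over the question's policy and an assumed tighter replacement; the bucket names, object keys and the scoped policy are constructed for illustration and are not from the page.

```python
"""Local, simplified simulator of IAM identity-policy evaluation for S3 requests."""
import re


def _iam_glob(pattern: str, ignore_case: bool = False) -> "re.Pattern[str]":
    """Turn an IAM wildcard pattern into an anchored regex.
    IAM supports only '*' (any run of characters) and '?' (one character);
    everything else is literal, so it is escaped."""
    parts = []
    for ch in pattern:
        if ch == "*":
            parts.append(".*")
        elif ch == "?":
            parts.append(".")
        else:
            parts.append(re.escape(ch))
    flags = re.DOTALL | (re.IGNORECASE if ignore_case else 0)
    return re.compile("^" + "".join(parts) + "$", flags)


def _as_list(value):
    return value if isinstance(value, list) else [value]


def is_allowed(policy: dict, action: str, resource: str) -> bool:
    """Explicit Deny wins over any Allow; with no matching Allow the default is deny.
    Action names match case-insensitively, resource ARNs case-sensitively."""
    allowed = False
    for stmt in policy["Statement"]:
        action_hit = any(_iam_glob(a, ignore_case=True).match(action)
                         for a in _as_list(stmt.get("Action", [])))
        resource_hit = any(_iam_glob(r).match(resource)
                           for r in _as_list(stmt.get("Resource", [])))
        if action_hit and resource_hit:
            if stmt["Effect"] == "Deny":
                return False
            allowed = True
    return allowed


# The question's second policy, as posted (bucket-scoped by prefix).
QUESTION_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "s3:*",
         "Resource": ["arn:aws:s3:::data*", "arn:aws:s3:::data*/*"]},
    ],
}

# Assumed tighter replacement (illustration, not from the page): the account-level
# list call gets "*", bucket-level actions get the bucket ARN, object-level actions
# get bucket/*, and an explicit Deny protects one prefix from deletion.
SCOPED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "s3:ListAllMyBuckets", "Resource": "*"},
        {"Effect": "Allow", "Action": ["s3:ListBucket", "s3:GetBucketLocation"],
         "Resource": "arn:aws:s3:::data-lake"},
        {"Effect": "Allow", "Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"],
         "Resource": "arn:aws:s3:::data-lake/*"},
        {"Effect": "Deny", "Action": "s3:DeleteObject",
         "Resource": "arn:aws:s3:::data-lake/protected/*"},
    ],
}

# Constructed requests as (action, resource). ListAllMyBuckets has no bucket-level
# resource, so IAM evaluates it against the literal "*" only.
REQUESTS = [
    ("s3:ListAllMyBuckets", "*"),
    ("s3:ListBucket", "arn:aws:s3:::data-lake"),
    ("s3:GetObject", "arn:aws:s3:::data-lake/reports/q1.csv"),
    ("s3:DeleteObject", "arn:aws:s3:::data-lake/protected/ledger.csv"),
    ("s3:GetObject", "arn:aws:s3:::payroll/salaries.csv"),
]


def evaluate(policy: dict) -> dict:
    """Map each (action, resource) request to its Allow (True) / Deny (False) result."""
    return {(a, r): is_allowed(policy, a, r) for a, r in REQUESTS}


if __name__ == "__main__":
    for name, pol in (("question", QUESTION_POLICY), ("scoped", SCOPED_POLICY)):
        print(name)
        for (a, r), ok in evaluate(pol).items():
            print(f"  {'ALLOW' if ok else 'DENY '} {a} {r}")
```

Against the real account the same check is `aws iam simulate-principal-policy` for the permission set's provisioned role, or simply `aws s3 ls` (needs `s3:ListAllMyBuckets`) versus `aws s3 ls s3://data-lake` (needs only `s3:ListBucket` on the bucket ARN) from a session in that permission set.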
Answer from ItsKornBailey:

Here is what I do, in summary:

Create the permission set, create the inline policy, then attach the policy.

    # Look up the IAM Identity Center (SSO) instance; both resources below need its ARN.
    data "aws_ssoadmin_instances" "instance" {}

    resource "aws_ssoadmin_permission_set" "permset" {
      name             = "name"
      description      = "S3 access to data* buckets" # optional; if set it must be non-empty
      instance_arn     = tolist(data.aws_ssoadmin_instances.instance.arns)[0]
      session_duration = "PT10H"
    }

    data "aws_iam_policy_document" "policyname" {
      statement {
        sid     = "s3actions"
        actions = ["s3:*"] # actions is a list, not a bare string
        # HCL attribute is "resources"; the data source renders it as "Resource" in JSON
        resources = [
          "arn:aws:s3:::data*",
          "arn:aws:s3:::data*/*",
        ]
      }
    }

    resource "aws_ssoadmin_permission_set_inline_policy" "policyattach" {
      instance_arn       = tolist(data.aws_ssoadmin_instances.instance.arns)[0]
      permission_set_arn = aws_ssoadmin_permission_set.permset.arn
      inline_policy      = data.aws_iam_policy_document.policyname.json
    }

I hope this works for you.