How to hide specific folder using AWS STS AssumeRole session policy?

I have created an STS AssumeRole session token, adding a policy document that allows List only on specific folders, but how can we hide the remaining folders which we don't have access to?

Example: Let's consider I have AWS S3 object paths s3://<bucketName>/folder1/{files…} & s3://<bucketName>/folder2/{files…}

I generated an STS token having Action (i.e., S3:List*) and a filter Condition policy (i.e., "StringEquals": "folder1/*").

In my application, I am using the AWS SDK (JavaScript) with the above generated STS session token. If I try to List objects under Key (s3:///), the response returns both folder1/ & folder2/.

How can I hide folder2/ based on the current STS session policy? (Note: Even though we have restricted List access to deep dive into folder2/, I don't want my SDK to show folder2/ in the frontend.)

There is 1 best solution below

s3:List is a bucket-level operation, so it will list all the contents as long as the permissions allow it.

You can deny access to folder2/ by adding a condition like you said. However, that folder will still be visible if ListBucket is called in the above directory.
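
One way to approach what the question asks, as an added example that is not part of the original question or answer: scope `s3:ListBucket` with the `s3:prefix` condition key so the session is not granted a root-level listing, and filter any listing the frontend does receive against the allowed folders. The bucket name, folder names, helper names and the sample response are assumptions constructed for illustration.

```javascript
// Added example. Bucket name, folder names and all helper names are assumptions.

// Session policy for the `Policy` parameter of sts:AssumeRole: listing is
// allowed only when the request's prefix falls under an allowed folder.
function buildSessionPolicy(bucket, folders) {
  const prefixes = folders.map((f) => (f.endsWith("/") ? f : f + "/"));
  return {
    Version: "2012-10-17",
    Statement: [{
      Effect: "Allow",
      Action: "s3:ListBucket",
      Resource: `arn:aws:s3:::${bucket}`,
      Condition: { StringLike: { "s3:prefix": prefixes.map((p) => p + "*") } },
    }, {
      Effect: "Allow",
      Action: "s3:GetObject",
      Resource: prefixes.map((p) => `arn:aws:s3:::${bucket}/${p}*`),
    }],
  };
}

// Simplified local check of the s3:prefix condition (only "*" wildcards, not
// full IAM evaluation), to show which list requests the policy would cover.
function listAllowed(policy, requestPrefix) {
  const patterns = policy.Statement[0].Condition.StringLike["s3:prefix"];
  return patterns.some((pat) => {
    const re = pat.split("*").map((s) => s.replace(/[.+?^${}()|[\]\\]/g, "\\$&")).join(".*");
    return new RegExp(`^${re}$`).test(requestPrefix);
  });
}

// UI-side filter for a ListObjectsV2-shaped response, for the case where the
// role can still list the bucket root: drop folders and keys outside the
// allowed set before rendering.
function filterListing(response, folders) {
  const ok = (key) => folders.some((f) => key.startsWith(f.endsWith("/") ? f : f + "/"));
  return {
    CommonPrefixes: (response.CommonPrefixes || []).filter((cp) => ok(cp.Prefix)),
    Contents: (response.Contents || []).filter((o) => ok(o.Key)),
  };
}

// Constructed sample: the shape of a root listing made with Delimiter "/".
const sampleRootListing = {
  CommonPrefixes: [{ Prefix: "folder1/" }, { Prefix: "folder2/" }],
  Contents: [],
};
```

Pass `JSON.stringify(buildSessionPolicy(...))` as the `Policy` value when calling AssumeRole. A session policy can only narrow what the role's own policies already allow, and the UI filter is presentation only, not an access control.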