Sorry if a basic question but very new to AWS: Essentially I am following a tutorial and creating permissions for an S3 Bucket for a Ruby on Rails App.
The first ARN I created is fine no issues:
arn:aws:s3:::learning-path-blog-jon
However, the tutorial then says to create another ARN so as to access all files using the * wildcard like this:
arn:aws:s3:::learning-path-blog-jon/*
However, when I try to do this I get the "Entered ARN is invalid." message?
I am trying to work around this but so far no luck - as I say brand new to AWS.
For full context the JSON view of my policy editor looks like this:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "VisualEditor0",
      "Effect": "Allow",
      "Action": [
        "s3:PutObject",
        "s3:GetObject",
        "s3:ListBucket",
        "s3:DeleteObject",
        "s3:PutObjectAcl"
      ],
      "Resource": "arn:aws:s3:::learning-path-blog-jon"
    }
  ]
}
Could anyone please advise how I can alter the arn:aws:s3:::learning-path-blog-jon/* to be valid or else add the equivalent to the JSON?
Some API calls (eg ListBucket) operate on the bucket and therefore need permission on
Some API calls (eg GetObject) operate on objects and therefore need permission on:
Those ones can even be restricted to certain paths, such as:
This grants permission on any objects with a path that starts with public/.
You could therefore supply two different statements:
But it is typically easier to combine them into one statement:
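Added example, not part of the original answer: a small Python check of the bucket-versus-object distinction described above, run against the policy from the question. The action sets are a hand-picked subset, and the `make_policy` helper and the combined policy are constructed for illustration.

```python
S3 = "arn:aws:s3:::"
# Assumption: hand-picked subset of S3 actions, grouped by the resource type they act on.
BUCKET_ACTIONS = {"s3:ListBucket"}
OBJECT_ACTIONS = {"s3:GetObject", "s3:PutObject", "s3:DeleteObject", "s3:PutObjectAcl"}

def as_list(value):
    """IAM allows a single value where a list is expected."""
    return value if isinstance(value, list) else [value]

def resource_kinds(arn):
    """Which S3 resource types an ARN pattern can match: 'bucket', 'object' or both."""
    if arn == "*":
        return {"bucket", "object"}
    if not arn.startswith(S3):
        return set()
    rest = arn[len(S3):]
    if "/" in rest:
        return {"object"}  # bucket/key-pattern
    # '*' in an IAM pattern also matches '/', so "bucket*" reaches object ARNs too.
    return {"bucket", "object"} if "*" in rest else {"bucket"}

def unmatched_actions(policy):
    """List (sid, action, needed) for Allow actions whose own statement has no
    resource of the type the action needs. Action wildcards are not expanded."""
    findings = []
    for stmt in as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        kinds = set()
        for arn in as_list(stmt.get("Resource", [])):
            kinds |= resource_kinds(arn)
        for action in as_list(stmt.get("Action", [])):
            needed = ("bucket" if action in BUCKET_ACTIONS
                      else "object" if action in OBJECT_ACTIONS else None)
            if needed and needed not in kinds:
                findings.append((stmt.get("Sid", ""), action, needed))
    return findings

BUCKET = "arn:aws:s3:::learning-path-blog-jon"
ACTIONS = ["s3:PutObject", "s3:GetObject", "s3:ListBucket", "s3:DeleteObject", "s3:PutObjectAcl"]

def make_policy(resources):
    """Hypothetical helper: the question's statement with a chosen Resource value."""
    return {"Version": "2012-10-17", "Statement": [
        {"Sid": "VisualEditor0", "Effect": "Allow", "Action": ACTIONS, "Resource": resources}]}

QUESTION_POLICY = make_policy(BUCKET)                   # Resource as posted in the question
COMBINED_POLICY = make_policy([BUCKET, BUCKET + "/*"])  # constructed: both ARNs, one statement

if __name__ == "__main__":
    print("question:", unmatched_actions(QUESTION_POLICY))
    print("combined:", unmatched_actions(COMBINED_POLICY))
```

Each statement is checked on its own, so an action in one statement is not satisfied by a resource listed in a different statement.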