
I have a bit of a problem, to which I am not sure I know the answer. I have a bucket named staging and I would like to give access to a third-party dev (who is building the webapp) to allow file uploads into this bucket.

What is the correct way to go about doing this? Surely not by giving away my AWS secrets?

Would be great if someone can point me in the right direction for this.

2 Answers


  1. You can achieve it using Resource Based Policies on the Staging S3 bucket.

    1. Add a Resource Based Policy to the Staging bucket that allows access to the Dev account's IAM User/Role.

      {
          "Version": "2012-10-17",
          "Statement": [{
              "Sid": "VisualEditor0",
              "Effect": "Allow",
              "Principal": {
                  "AWS": "<ARN of IAM User/Role from Dev Account>"
              },
              "Action": [
                  "s3:GetObject",
                  "s3:PutObject"
              ],
              "Resource": "arn:aws:s3:::staging-bucket/*"
          }]
      }

    2. Next, add an IAM Policy in the Dev account that allows access to the S3 bucket in the Staging account.

      {
          "Version": "2012-10-17",
          "Statement": [{
              "Sid": "VisualEditor1",
              "Effect": "Allow",
              "Action": [
                  "s3:GetObject",
                  "s3:PutObject"
              ],
              "Resource": "arn:aws:s3:::staging-bucket/*"
          }]
      }


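The two policies in the answer above have to agree with each other (the bucket owner allows the caller, and the caller's own account allows the call), and both are easy to over-grant by hand. The script below is an added example, not the answerer's code: it generates the bucket policy and the dev-account identity policy for a given bucket and principal, and then runs a few least-privilege checks against them (wildcard principal, wildcard action, resource outside the staging bucket). It goes slightly beyond the answer by defaulting to upload-only (`s3:PutObject`, which is all the question asks for) and by optionally confining the third party to one key prefix. The bucket name, account id, role name and prefix are constructed placeholders.

```python
"""Generate and sanity-check the cross-account S3 policies from the answer.

Added example for this thread, not the answerer's own code. Bucket name,
account id, role name and key prefix below are constructed placeholders.
"""
import json
import re

# Constructed placeholders: replace with your own bucket, dev account and role.
STAGING_BUCKET = "staging-bucket"
DEV_ACCOUNT_ID = "111111111111"
DEV_ROLE_ARN = f"arn:aws:iam::{DEV_ACCOUNT_ID}:role/webapp-uploader"
UPLOAD_PREFIX = "uploads/"  # optional: confine the third party to one key prefix

# IAM user/role ARN shape; rejects access keys or anything that is not a principal ARN.
_PRINCIPAL_ARN = re.compile(r"^arn:aws:iam::\d{12}:(user|role)/[\w+=,.@/-]+$")


def _as_list(value):
    """IAM allows a string or a list in Action/Resource/Principal fields."""
    return value if isinstance(value, list) else [value]


def bucket_policy(bucket, principal_arn, prefix="", actions=("s3:PutObject",)):
    """Resource-based policy for the staging bucket (step 1 of the answer).

    Grants only the listed object actions to one named principal, on keys
    under `prefix`. Defaults to upload-only; add "s3:GetObject" to `actions`
    if the third party must also read what it uploaded.
    """
    if not _PRINCIPAL_ARN.match(principal_arn):
        raise ValueError(f"not an IAM user/role ARN: {principal_arn}")
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "ThirdPartyUploads",
            "Effect": "Allow",
            "Principal": {"AWS": principal_arn},
            "Action": list(actions),
            "Resource": f"arn:aws:s3:::{bucket}/{prefix}*",
        }],
    }


def identity_policy(bucket, prefix="", actions=("s3:PutObject",)):
    """IAM policy attached to the user/role in the dev account (step 2).

    Both sides must allow the request: the bucket owner via the bucket
    policy, the caller's own account via this identity policy.
    """
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "UploadToStaging",
            "Effect": "Allow",
            "Action": list(actions),
            "Resource": f"arn:aws:s3:::{bucket}/{prefix}*",
        }],
    }


def policy_findings(policy, bucket):
    """Flag Allow statements that widen access beyond the answer's intent.

    Returns a list of human-readable findings; an empty list means the
    policy passed these checks. Checks: wildcard principal (public bucket),
    wildcard action, and resources outside the given bucket.
    """
    findings = []
    for st in policy["Statement"]:
        if st.get("Effect") != "Allow":
            continue
        sid = st.get("Sid", "<no Sid>")
        principal = st.get("Principal")
        if principal is not None:
            principals = _as_list(principal if not isinstance(principal, dict)
                                  else principal.get("AWS", []))
            if "*" in principals:
                findings.append(f"{sid}: principal '*' makes the bucket public")
        if any(a in ("*", "s3:*") for a in _as_list(st["Action"])):
            findings.append(f"{sid}: wildcard action grants full S3 control")
        for res in _as_list(st["Resource"]):
            if not res.startswith(f"arn:aws:s3:::{bucket}"):
                findings.append(f"{sid}: resource {res} is outside bucket {bucket}")
    return findings


if __name__ == "__main__":
    bp = bucket_policy(STAGING_BUCKET, DEV_ROLE_ARN, prefix=UPLOAD_PREFIX)
    ip = identity_policy(STAGING_BUCKET, prefix=UPLOAD_PREFIX)
    for name, pol in (("bucket-policy.json", bp), ("dev-identity-policy.json", ip)):
        problems = policy_findings(pol, STAGING_BUCKET)
        print(f"# {name}: {'OK' if not problems else problems}")
        print(json.dumps(pol, indent=2))
```

Write the two JSON documents to files and apply them with the AWS CLI: `aws s3api put-bucket-policy --bucket staging-bucket --policy file://bucket-policy.json` in the staging account, and `aws iam put-role-policy --role-name webapp-uploader --policy-name UploadToStaging --policy-document file://dev-identity-policy.json` in the dev account. The checks in `policy_findings` are deliberately narrow; they catch the common mistakes (a `"Principal": "*"` that quietly makes the bucket public, or `s3:*`) rather than replacing a full policy review.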
  2. If you are talking about a third-party app that is uploading content, one option is to expose an API via API Gateway to upload content to the bucket. Remember to remove public access from the bucket permissions.
