Question 254499 in Amazon Web Sevices Question posted in
The official Amazon Web Services documentation can be found here.

Amazon web services – Adding inline policy to access S3 for AWS SSO

I have permission set created in AWS, and I am creating an INLINE policy where I want to give access to a specific bucket .

when I am trying below it works fine which is something I don’t want, however when add resource to like and resource arn arn:aws:s3:::bucket_name or arn:aws:s3:::*data*
it shows me insufficient privilege and I am not able to access.

    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:*"
            ],
            "Resource": [
                "*"
            ]
        }
    ]
}

policy I am using which Is not working

    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "s3:*",
            "Resource": [
                "arn:aws:s3:::data*",
                "arn:aws:s3:::data*/*"
            ]
        }
    ]
}
}
Tags:

2

Answers


  1. 0

    The policy should be:

        "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "s3:*",
            "Resource": [
                "arn:aws:s3:::BUCKET-NAME",
                "arn:aws:s3:::BUCKET-NAME/*"
            ]
        }
    ]
}
}
    Login or Signup to reply.
  2. 0

    here is what i do in summary…

    create the permission set… create the inline policy, then attach the policy

    resource "aws_ssoadmin_permission_set" "permset" {
      name             = "name"
      description      = ""
      instance_arn     = tolist(data.aws_ssoadmin_instances.instance.arns)[0]
      session_duration = "PT10H"
    
    }

data "aws_iam_policy_document" "policyname" {
  statement {
    sid = "s3actions"
    actions = "s3:*"
    "Resource": [
            "arn:aws:s3:::data*",
            "arn:aws:s3:::data*/*"
        ]
  }
}

resource "aws_ssoadmin_permission_set_inline_policy" "policyattach" {
  instance_arn       = tolist(data.aws_ssoadmin_instances.instance.arns)[0]
  permission_set_arn = aws_ssoadmin_permission_set.permset.arn
  inline_policy      = data.aws_iam_policy_document.policyname.json
}

    I hope this works for you

    Login or Signup to reply.
Please signup or login to give your own answer.

Back To Top
Search