
Is there any kind of bucket policy or IAM policy which restricts the user from creating folders? Ex.: let us consider I have a user, User1, and I have provided the user access to a certain folder in the S3 bucket. I need to restrict the user in such a way that the user can only upload and download the objects. The user should not even have access to create a folder. Can that be done? If it can be done, what should be added, and where? (Bucket policy or IAM policy)

2 Answers


  1. Chosen as BEST ANSWER

    I have solved this on my own. I have a bucket policy which restricts users to only upload certain types of files, so "create folder" automatically does not work. The bucket policy I used is given below for reference.

        {
            "Version": "2012-10-17",
            "Id": "Policy1657799010112",
            "Statement": [
                {
                    "Sid": "Stmt1657798687256",
                    "Effect": "Allow",
                    "Principal": "*",
                    "Action": "s3:PutObject",
                    "Resource": [
                        "arn:aws:s3:::testbucketforuploadlimitation/Retailer 1/Latest/Start*.gz",
                        "arn:aws:s3:::testbucketforuploadlimitation/Retailer 2/Latest/Dollar/TrendedDetails-Dollar*.xlsx",
                        "arn:aws:s3:::testbucketforuploadlimitation/Retailer 2/Latest/Unit/TrendedDetails-Unit*.xlsx",
                        "arn:aws:s3:::testbucketforuploadlimitation/Retailer 3/Latest/0*.xlsx",
                        "arn:aws:s3:::testbucketforuploadlimitation/Retailer 3/Latest/1*.xlsx",
                        "arn:aws:s3:::testbucketforuploadlimitation/Retailer 4/Latest/Start*.gz",
                        "arn:aws:s3:::testbucketforuploadlimitation/Retailer 5/Latest/Start*.gz",
                        "arn:aws:s3:::testbucketforuploadlimitation/Retailer 6/Latest/TY/Start*.xlsx",
                        "arn:aws:s3:::testbucketforuploadlimitation/Retailer 6/Latest/YA/Start*.xlsx"
                    ]
                },
                {
                    "Sid": "Stmt1657798687256Deny",
                    "Effect": "Deny",
                    "Principal": "*",
                    "Action": "s3:PutObject",
                    "NotResource": [
                        "arn:aws:s3:::testbucketforuploadlimitation/Retailer 1/Latest/Start*.gz",
                        "arn:aws:s3:::testbucketforuploadlimitation/Retailer 2/Latest/Dollar/TrendedDetails-Dollar*.xlsx",
                        "arn:aws:s3:::testbucketforuploadlimitation/Retailer 2/Latest/Unit/TrendedDetails-Unit*.xlsx",
                        "arn:aws:s3:::testbucketforuploadlimitation/Retailer 3/Latest/0*.xlsx",
                        "arn:aws:s3:::testbucketforuploadlimitation/Retailer 3/Latest/1*.xlsx",
                        "arn:aws:s3:::testbucketforuploadlimitation/Retailer 4/Latest/Start*.gz",
                        "arn:aws:s3:::testbucketforuploadlimitation/Retailer 5/Latest/Start*.gz",
                        "arn:aws:s3:::testbucketforuploadlimitation/Retailer 6/Latest/TY/Start*.xlsx",
                        "arn:aws:s3:::testbucketforuploadlimitation/Retailer 6/Latest/YA/Start*.xlsx"
                    ]
                }
            ]
        }


  2. There is no such thing as a "folder" in S3, so you can't prohibit creating something that does not exist. What you see in the S3 console as a "folder" is just a visual representation of S3 object keys that contain "/" in their name.
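
    To see why the accepted answer's policy stops "Create folder" (which, as the second answer says, is only a PutObject of a key ending in "/"), here is an added Python simulation of how IAM evaluates s3:PutObject against that policy; it is not code from either answer. The policy dictionary is a constructed, trimmed copy with two of the nine key patterns, and the wildcard rules ("*" spans any characters including "/", "?" one character) are the documented IAM resource-matching rules.

```python
import re

# Constructed, trimmed-down copy of the accepted answer's bucket policy
# (two of the nine key patterns); the evaluation logic is identical for all nine.
BUCKET = "testbucketforuploadlimitation"
ALLOWED_KEY_PATTERNS = [
    "Retailer 1/Latest/Start*.gz",
    "Retailer 2/Latest/Dollar/TrendedDetails-Dollar*.xlsx",
]
ALLOWED_ARNS = [f"arn:aws:s3:::{BUCKET}/{p}" for p in ALLOWED_KEY_PATTERNS]
POLICY = {
    "Statement": [
        {"Effect": "Allow", "Action": "s3:PutObject", "Resource": ALLOWED_ARNS},
        {"Effect": "Deny", "Action": "s3:PutObject", "NotResource": ALLOWED_ARNS},
    ]
}


def arn_matches(pattern: str, arn: str) -> bool:
    """IAM resource wildcard matching: '*' matches any run of characters
    (including '/'), '?' matches exactly one character, all else is literal."""
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                    for c in pattern)
    return re.fullmatch(regex, arn) is not None


def statement_applies(stmt: dict, arn: str) -> bool:
    """Resource: applies if any pattern matches. NotResource: applies if none does."""
    if "Resource" in stmt:
        return any(arn_matches(p, arn) for p in stmt["Resource"])
    return not any(arn_matches(p, arn) for p in stmt["NotResource"])


def evaluate_put_object(key: str, policy: dict = POLICY) -> str:
    """Simplified IAM decision for s3:PutObject on one object key:
    an applicable explicit Deny wins, then an Allow, otherwise implicit deny."""
    arn = f"arn:aws:s3:::{BUCKET}/{key}"
    applicable = [s for s in policy["Statement"]
                  if s["Action"] == "s3:PutObject" and statement_applies(s, arn)]
    if any(s["Effect"] == "Deny" for s in applicable):
        return "explicit deny"
    if any(s["Effect"] == "Allow" for s in applicable):
        return "allow"
    return "implicit deny"


if __name__ == "__main__":
    for key in ["Retailer 1/Latest/Start2022-07.gz",    # matches an allowed pattern
                "Retailer 1/Latest/",                   # console 'Create folder' writes this key
                "Retailer 1/Latest/NewFolder/",         # a nested folder marker
                "Retailer 1/Latest/Start2022-07.csv",   # right prefix, wrong extension
                "Retailer 1/Latest/Start/sub/x.gz"]:    # '*' spans '/', so this is allowed
        print(f"{key!r:45} -> {evaluate_put_object(key)}")
```

    Two caveats the simulation makes visible: because "*" also matches "/", a key such as "Retailer 1/Latest/Start/sub/x.gz" still passes and shows up as a new "folder" under "Start", so a tighter pattern or an s3:prefix condition is needed if that matters; and the original Allow statement's "Principal": "*" grants those uploads to any principal, so in practice it should name the intended user ARN and the bucket should keep Block Public Access on.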
