I am confused as to how I can know which permissions to grant to the Lambda service if I want it to be able to perform the HeadBucket action.

Here’s what I have in CloudFormation right now, and I just deduced these from the SAM S3ReadBucket policy. But how do I know exactly which permissions are required for this?

This is what I have right now.

      Policies:
        - Statement:
          - Sid: AllowHeadOnBucket
            Effect: Allow
            Action:
              - 's3:GetObject'
              - 's3:ListBucket'
              - 's3:GetBucketLocation'
              - 's3:GetObjectVersion'
              - 's3:GetLifecycleConfiguration'

2 Answers


  1. I would start with the HeadBucket documentation:

    To use this operation, you must have permissions to perform the s3:ListBucket action.

    So you need s3:ListBucket on the ARN of your S3 bucket e.g. arn:aws:s3:::mybucket.

  2. AWS Policy Generator can also be handy to help with these things: https://awspolicygen.s3.amazonaws.com/policygen.html
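
Following the first answer, here is an added example (not part of the original posts and not AWS code) that audits one policy statement against what HeadBucket needs and checks that the Resource covers the bucket ARN itself. The `audit` helper and the `Resource` value on the question's statement are assumptions made for illustration; the question did not show a Resource.

```python
import re

# Per the HeadBucket documentation quoted above: it needs s3:ListBucket.
REQUIRED = {"HeadBucket": {"s3:ListBucket"}}

def _as_list(value):
    return [value] if isinstance(value, str) else list(value or [])

def _iam_match(pattern, value, ignore_case=False):
    """IAM-style wildcard match: '*' is any run of characters, '?' is exactly one."""
    rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                 for c in pattern)
    return re.fullmatch(rx, value, re.I if ignore_case else 0) is not None

def audit(statement, operation, bucket_arn):
    """Compare one Allow statement with what `operation` needs on `bucket_arn`."""
    if statement.get("Effect") != "Allow":
        raise ValueError("audit() only understands Allow statements")
    actions = _as_list(statement.get("Action"))
    resources = _as_list(statement.get("Resource"))
    needed = REQUIRED[operation]
    # Action names match case-insensitively and may hold wildcards; ARNs are
    # compared case-sensitively here.
    missing = sorted(n for n in needed
                     if not any(_iam_match(a, n, ignore_case=True) for a in actions))
    excess = sorted(a for a in actions
                    if a.lower() not in {n.lower() for n in needed})
    covered = any(_iam_match(r, bucket_arn) for r in resources)
    return {"missing": missing, "excess": excess, "bucket_arn_covered": covered}

BUCKET_ARN = "arn:aws:s3:::mybucket"  # example ARN from the answer

# Actions as posted in the question; the Resource is constructed for illustration.
QUESTION_STATEMENT = {
    "Sid": "AllowHeadOnBucket", "Effect": "Allow",
    "Action": ["s3:GetObject", "s3:ListBucket", "s3:GetBucketLocation",
               "s3:GetObjectVersion", "s3:GetLifecycleConfiguration"],
    "Resource": "arn:aws:s3:::mybucket/*",  # object ARNs only, not the bucket
}
MINIMAL_STATEMENT = {
    "Sid": "AllowHeadOnBucket", "Effect": "Allow",
    "Action": "s3:ListBucket", "Resource": BUCKET_ARN,
}

if __name__ == "__main__":
    print(audit(QUESTION_STATEMENT, "HeadBucket", BUCKET_ARN))
    print(audit(MINIMAL_STATEMENT, "HeadBucket", BUCKET_ARN))
```

The first result lists four actions HeadBucket does not need and reports the bucket ARN as not covered, because `arn:aws:s3:::mybucket/*` matches object keys rather than the bucket.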
