Amazon Web Services: setting S3 policies to allow putObject and getObject, but not listBucket

I use getObject and putObject requests on Amazon S3 and when creating a policy to access the bucket, I found that if I do not allow listBucket, I get a "refused" error.

The problem is that listBucket means that the user can list the keys in the bucket, and this poses a security risk.

Is it possible to enable getObject and putObject without listBucket permission? Or is there a workaround for this?

Here is the policy:

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Sid": "Stmt##",
          "Effect": "Allow",
          "Action": [
            "s3:ListBucket"
          ],
          "Resource": [
            "arn:aws:s3:::myBucket"
          ]
        },
        {
          "Sid": "Stmt##",
          "Effect": "Allow",
          "Action": [
            "s3:GetObject",
            "s3:PutObject"
          ],
          "Resource": [
            "arn:aws:s3:::myBucket/*"
          ]
        }
      ]
    }
+4
1 answer

From the Get Object documentation:

s3:GetObject. . " " Amazon Simple Storage Service. , , Amazon S3, , s3:ListBucket.

, , .

, , s3:ListBucket, s3:GetObject.

, s3:ListBucket, , . S3 , - , .

s3:ListBucket:

<Error>
 <Code>AccessDenied</Code>
 <Message>Access Denied</Message>
 <RequestId>xxxx</RequestId>
 <HostId>xxxx</HostId>
</Error>

s3:ListBucket:

<Error>
 <Code>NoSuchKey</Code>
 <Message>The specified key does not exist.</Message>
 <Key>fakefile.txt</Key>
 <RequestId>xxxx</RequestId>
 <HostId>xxxx</HostId>
</Error>

, , , " " - s3:ListBucket. , .

+2
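
An added example, not part of the original question or answer: a client-side check that reads the two error bodies shown above and accounts for the fact that S3 answers a GetObject for a nonexistent key with AccessDenied (403) when the caller lacks s3:ListBucket, and with NoSuchKey (404) when it has it. The policy below is the question's policy with the s3:ListBucket statement removed; the function names and return labels are assumptions made for this illustration.

```python
import json
import xml.etree.ElementTree as ET

# Constructed policy: the question's policy minus the s3:ListBucket statement.
POLICY_NO_LIST = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow",
     "Action": ["s3:GetObject", "s3:PutObject"],
     "Resource": ["arn:aws:s3:::myBucket/*"]}
  ]
}
""")

# Error bodies as shown in the answer (request/host ids omitted).
ACCESS_DENIED = "<Error><Code>AccessDenied</Code><Message>Access Denied</Message></Error>"
NO_SUCH_KEY = ("<Error><Code>NoSuchKey</Code>"
               "<Message>The specified key does not exist.</Message>"
               "<Key>fakefile.txt</Key></Error>")

def _as_list(value):
    return value if isinstance(value, list) else [value]

def allows_list_bucket(policy, bucket):
    """True if an Allow statement names s3:ListBucket on exactly this bucket ARN.
    Simplification (assumption): no wildcard, Deny or Condition evaluation."""
    arn = f"arn:aws:s3:::{bucket}"
    return any(
        st.get("Effect") == "Allow"
        and "s3:ListBucket" in _as_list(st.get("Action", []))
        and arn in _as_list(st.get("Resource", []))
        for st in _as_list(policy["Statement"])
    )

def interpret_get_error(error_xml, policy, bucket):
    """Classify a failed GetObject response for a caller holding `policy`."""
    code = ET.fromstring(error_xml).findtext("Code")
    if code == "NoSuchKey":
        return "missing"
    if code == "AccessDenied":
        # Without s3:ListBucket, absent keys also produce AccessDenied, so the
        # caller cannot distinguish "no such key" from "not permitted".
        return "denied" if allows_list_bucket(policy, bucket) else "missing-or-denied"
    return "other"
```

An application running under the GetObject/PutObject-only policy should therefore treat AccessDenied on a read as "object may not exist" rather than as a permissions fault.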

Source: https://habr.com/ru/post/1568787/