Creating an IAM Policy for S3 Web Access

19-Apr, 2015

It is well documented how to create an S3 bucket that can be used to host a static site, but I didn’t find the process of creating an IAM policy for securing the bucket that clear. Here is my IAM policy for an S3 bucket that we are using to host a static website:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "s3:ListAllMyBuckets"
      ],
      "Effect": "Allow",
      "Resource": "arn:aws:s3:::*"
    },
    {
      "Action": [
        "s3:ListBucket",
        "s3:DeleteObject",
        "s3:GetBucketAcl",
        "s3:GetBucketLocation",
        "s3:GetObjectAcl",
        "s3:PutBucketAcl",
        "s3:PutObject",
        "s3:PutObjectAcl"
      ],
      "Effect": "Allow",
      "Resource": [
        "arn:aws:s3:::domain.com",
        "arn:aws:s3:::domain.com/*",
        "arn:aws:s3:::www.domain.com",
        "arn:aws:s3:::www.domain.com/*"
      ]
    }
  ]
}

If anyone has any better policies for securing a bucket we would love to hear them!
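The second statement above mixes bucket-level and object-level actions across both bucket ARNs and object ARNs. The following added example (not part of the original post) splits such a statement so each action is paired only with the resource type it applies to, and lists the ACL-changing actions for review. The function names and the action classification sets are assumptions of this example and cover only common actions, including those in the policy above.

```python
import json

# Constructed copy of the second statement from the policy above.
STATEMENT = {
    "Effect": "Allow",
    "Action": [
        "s3:ListBucket", "s3:DeleteObject", "s3:GetBucketAcl",
        "s3:GetBucketLocation", "s3:GetObjectAcl", "s3:PutBucketAcl",
        "s3:PutObject", "s3:PutObjectAcl",
    ],
    "Resource": [
        "arn:aws:s3:::domain.com", "arn:aws:s3:::domain.com/*",
        "arn:aws:s3:::www.domain.com", "arn:aws:s3:::www.domain.com/*",
    ],
}

# Assumption: explicit classification, limited to these common actions.
BUCKET_ACTIONS = {"s3:ListBucket", "s3:GetBucketAcl",
                  "s3:GetBucketLocation", "s3:PutBucketAcl"}
OBJECT_ACTIONS = {"s3:GetObject", "s3:GetObjectAcl", "s3:PutObject",
                  "s3:PutObjectAcl", "s3:DeleteObject"}

def is_object_arn(arn):
    # arn:aws:s3:::bucket/key names objects; arn:aws:s3:::bucket names the bucket.
    return "/" in arn.split(":::", 1)[1]

def split_statement(stmt):
    """Return one bucket-level and one object-level statement."""
    unknown = set(stmt["Action"]) - BUCKET_ACTIONS - OBJECT_ACTIONS
    if unknown:
        raise ValueError(f"unclassified actions: {sorted(unknown)}")
    out = []
    for known, want_object in ((BUCKET_ACTIONS, False), (OBJECT_ACTIONS, True)):
        actions = [a for a in stmt["Action"] if a in known]
        resources = [r for r in stmt["Resource"] if is_object_arn(r) == want_object]
        if actions and resources:
            out.append({"Effect": stmt["Effect"], "Action": actions,
                        "Resource": resources})
    return out

def acl_writes(stmt):
    # Actions that let the principal change bucket or object ACLs.
    return [a for a in stmt["Action"] if a.startswith("s3:Put") and a.endswith("Acl")]

if __name__ == "__main__":
    print(json.dumps(split_statement(STATEMENT), indent=2))
    print("Review ACL-changing actions:", acl_writes(STATEMENT))
```

The split grants the same effective access, since an object action on a bucket ARN (or the reverse) matches nothing, but it makes each grant explicit and easier to trim.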
