Frequently you may need to set up a IAM Role or Policy that allows access only to a specific AWS S3 Bucket and the objects within it. You can use this policy to accomplish this.
{
“Version”:”2012-10-17″,
“Statement”:[
{
“Effect”:”Allow”,
“Action”:[
“s3:ListBucket”,
“s3:ListBucketByTags”,
“s3:ListBucketVersions”,
“s3:GetBucketLocation”,
“s3:GetBucketTagging”,
“s3:ListBucketMultipartUploads”
],
“Resource”:[
“arn:aws:s3:::<BUCKET-NAME>”
]
},
{
“Effect”:”Allow”,
“Action”:[
“s3:PutObject”,
“s3:GetObject”,
“s3:GetObjectTagging”,
“s3:DeleteObject”,
“s3:DeleteObjectTagging”,
“s3:AbortMultipartUpload”,
“s3:ListMultipartUploadParts”
],
“Resource”:[
“arn:aws:s3:::<BUCKET-NAME>/*”
]
}
]
}