IAM Policies

Updated: 2021.11.28

I am starting to build a collection of least-privilege IAM policies that you can use in your own environment, with the aim of reducing the effort you need to spend building these policies yourself.

S3

S3 bucket contents consumer

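This role requires the ability to consume the contents of the S3 bucket, either uploading or downloading any of its data. s3:ListBucket applies to the bucket ARN, while s3:PutObject and s3:GetObject apply to the object ARN (bucketname/*), which is why both resources are listed. Replace bucketname with the name of your bucket.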

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:PutObject",
                "s3:GetObject",
                "s3:ListBucket"
            ],
            "Resource": [
                "arn:aws:s3:::bucketname",
                "arn:aws:s3:::bucketname/*"
            ]
        }
    ]
}
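
The following check is an added example, not part of the original collection: it audits a policy document for wildcard actions, resources that are not scoped to one bucket, and actions whose required resource level is missing (a bucket ARN for s3:ListBucket, an object ARN for s3:GetObject and s3:PutObject). The function names, the ACTION_LEVEL map and the two comparison policies are constructed for illustration.

```python
S3_PREFIX = "arn:aws:s3:::"
# Resource level for the three actions in the page's policy (extend as needed).
ACTION_LEVEL = {"s3:ListBucket": "bucket", "s3:GetObject": "object", "s3:PutObject": "object"}

def as_list(value):
    """IAM accepts a single value or a list for Statement, Action and Resource."""
    return list(value) if isinstance(value, list) else [value]

def resource_levels(arn):
    """Levels an S3 ARN pattern can match; IAM '*' and '?' also match '/'."""
    if arn == "*":
        return {"bucket", "object"}
    if not arn.startswith(S3_PREFIX):
        return set()
    rest = arn[len(S3_PREFIX):]
    if "/" in rest:
        return {"object"}
    return {"bucket", "object"} if ("*" in rest or "?" in rest) else {"bucket"}

def audit_policy(policy):
    """Return least-privilege findings for the Allow statements of a policy."""
    findings = []
    for i, stmt in enumerate(as_list(policy["Statement"])):
        if stmt.get("Effect") != "Allow":
            continue
        actions = as_list(stmt.get("Action", []))
        resources = as_list(stmt.get("Resource", []))
        findings += [f"statement {i}: wildcard action {a}" for a in actions if "*" in a]
        findings += [f"statement {i}: resource {r} is not limited to one bucket"
                     for r in resources if r == "*" or r.startswith(S3_PREFIX + "*")]
        covered = set().union(*(resource_levels(r) for r in resources))
        for a in actions:
            need = ACTION_LEVEL.get(a)
            if need and need not in covered:
                findings.append(f"statement {i}: {a} has no {need}-level resource")
    return findings

# The page's policy, then two constructed variants for comparison.
PAGE_POLICY = {"Version": "2012-10-17", "Statement": [{"Effect": "Allow",
    "Action": ["s3:PutObject", "s3:GetObject", "s3:ListBucket"],
    "Resource": ["arn:aws:s3:::bucketname", "arn:aws:s3:::bucketname/*"]}]}
BROAD_POLICY = {"Version": "2012-10-17", "Statement": {"Effect": "Allow",
    "Action": "s3:*", "Resource": "*"}}
MISSING_BUCKET_ARN = {"Version": "2012-10-17", "Statement": [{"Effect": "Allow",
    "Action": ["s3:GetObject", "s3:ListBucket"], "Resource": "arn:aws:s3:::bucketname/*"}]}

if __name__ == "__main__":
    for p in (PAGE_POLICY, BROAD_POLICY, MISSING_BUCKET_ARN):
        print(audit_policy(p))
```

The audit only reads Action and Resource on Allow statements; statements that use NotAction, NotResource or Condition need a separate review.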