For our next step, we’ll be creating a policy that controls how the AWS user account we’ll be creating in Step 3 accesses our bucket. We want to grant the narrowest set of permissions possible (least privilege) so that this account can do nothing more than what it needs with this one bucket.
Select IAM from the services menu in the AWS Console. Once the IAM console has loaded, click on Policies on the left-hand side of the page and then click on Create Policy to get started.
When you click on Create Policy a wizard dialog will appear.
Click on the JSON tab and paste the following JSON into it:
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:DeleteObjectTagging",
                "s3:ListBucketMultipartUploads",
                "s3:DeleteObjectVersion",
                "s3:ListBucket",
                "s3:DeleteObjectVersionTagging",
                "s3:GetBucketAcl",
                "s3:ListMultipartUploadParts",
                "s3:PutObject",
                "s3:GetObjectAcl",
                "s3:GetObject",
                "s3:AbortMultipartUpload",
                "s3:DeleteObject",
                "s3:GetBucketLocation",
                "s3:PutObjectAcl"
            ],
            "Resource": [
                "arn:aws:s3:::YOURBUCKET/*",
                "arn:aws:s3:::YOURBUCKET"
            ]
        },
        {
            "Effect": "Allow",
            "Action": "s3:HeadBucket",
            "Resource": "*"
        }
    ]
}
IMPORTANT! Make sure you replace YOURBUCKET (it appears twice, once for the bucket and once for the objects in it) with the name of the bucket you created in Step 1. The first statement is what keeps this account scoped to your bucket; only s3:HeadBucket, which is not tied to a bucket, is allowed on "*".
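Before pasting the policy into the wizard, it is worth checking that the placeholder really was replaced and that nothing was widened by accident. The following is an added example, not code from this tutorial or from AWS: check_policy and render_policy are hypothetical helpers, and ACCOUNT_LEVEL_ACTIONS is our own assumption about which actions legitimately need a wildcard Resource.

```python
import json

# Account-scoped actions, the only ones for which Resource "*" is appropriate
# (assumption: keep this allow-list as small as possible).
ACCOUNT_LEVEL_ACTIONS = {"s3:HeadBucket", "s3:ListAllMyBuckets"}

# The tutorial's policy, still carrying its YOURBUCKET placeholder.
POLICY_TEMPLATE = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow",
         "Action": ["s3:DeleteObjectTagging", "s3:ListBucketMultipartUploads",
                    "s3:DeleteObjectVersion", "s3:ListBucket", "s3:GetBucketAcl",
                    "s3:DeleteObjectVersionTagging", "s3:ListMultipartUploadParts",
                    "s3:PutObject", "s3:GetObjectAcl", "s3:GetObject", "s3:DeleteObject",
                    "s3:AbortMultipartUpload", "s3:GetBucketLocation", "s3:PutObjectAcl"],
         "Resource": ["arn:aws:s3:::YOURBUCKET/*", "arn:aws:s3:::YOURBUCKET"]},
        {"Effect": "Allow", "Action": "s3:HeadBucket", "Resource": "*"},
    ],
})


def render_policy(bucket):
    """Fill in the bucket name, as the IMPORTANT note above requires."""
    return POLICY_TEMPLATE.replace("YOURBUCKET", bucket)


def check_policy(policy_json, bucket):
    """Return findings; an empty list means every Allow is scoped to `bucket`
    and a wildcard Resource appears only with account-level actions."""
    findings = []
    if "YOURBUCKET" in policy_json:
        findings.append("placeholder YOURBUCKET was not replaced")
    bucket_arn = "arn:aws:s3:::" + bucket
    allowed_arns = (bucket_arn, bucket_arn + "/*")  # the bucket and its objects
    as_list = lambda v: [v] if isinstance(v, str) else v  # IAM accepts both forms
    for stmt in json.loads(policy_json)["Statement"]:
        if stmt.get("Effect") != "Allow":
            continue
        actions, resources = as_list(stmt["Action"]), as_list(stmt["Resource"])
        for res in resources:
            if res == "*":
                too_broad = sorted(set(actions) - ACCOUNT_LEVEL_ACTIONS)
                if too_broad:
                    findings.append("Resource * grants bucket-scoped actions: %s" % too_broad)
            elif res not in allowed_arns:
                findings.append("statement reaches beyond the bucket: " + res)
    return findings
```

Run check_policy(render_policy("your-bucket-name"), "your-bucket-name") and paste the policy only when it returns an empty list.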
Click on Review Policy to continue.
On the next screen, give the policy a name and description that are meaningful to you.
Click on Create Policy to create the policy.