Allow different IAM users to access different buckets

Last updated: 2021-04-28 11:04:15

Assume that you have an R&D department and an O&M department and have created the rd_bucket and op_bucket buckets in KS3 to separately store R&D data and O&M data. If you want to allow the R&D department to access only the rd_bucket bucket and the O&M department to access only the op_bucket bucket, you need to create two IAM users, rd_user and op_user, write two policies, and attach them to the users. For example, you can attach the following policy to rd_user:

{
    "Version": "2015-11-01",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "ks3:*",
            "Resource": [
                "krn:ksc:ks3:::rd_bucket",
                "krn:ksc:ks3:::rd_bucket/*"
            ]
        }
    ]
}

Similarly, you can attach the following policy to op_user:

{
    "Version": "2015-11-01",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "ks3:*",
            "Resource": [
                "krn:ksc:ks3:::op_bucket",
                "krn:ksc:ks3:::op_bucket/*"
            ]
        }
    ]
}

To allow the IAM users to log in to the KS3 console and view the bucket list, you also need to grant them the ks3:ListBuckets permission:

{
    "Version": "2015-11-01",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "ks3:ListBuckets",
            "Resource": "*"
        }
    ]
}
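The following added example (not part of the KS3 documentation and not KS3's own evaluation engine) loads the three policies above into a simplified evaluator and checks that each user is confined to its own bucket. It assumes default deny, Allow statements only, and `*` as the only wildcard; `ks3:GetObject`, `ks3:PutObject`, the object keys and the `rd_bucket_backup` name are constructed sample values.

```python
import re

def bucket_policy(bucket):  # same shape as the page's rd_user / op_user policies
    return {"Version": "2015-11-01", "Statement": [{
        "Effect": "Allow", "Action": "ks3:*",
        "Resource": [f"krn:ksc:ks3:::{bucket}", f"krn:ksc:ks3:::{bucket}/*"]}]}

# The page's console policy: lets the user list bucket names only.
LIST_BUCKETS = {"Version": "2015-11-01", "Statement": [{
    "Effect": "Allow", "Action": "ks3:ListBuckets", "Resource": "*"}]}

ATTACHED = {
    "rd_user": [bucket_policy("rd_bucket"), LIST_BUCKETS],
    "op_user": [bucket_policy("op_bucket"), LIST_BUCKETS],
}

def _match(pattern, value):
    # Assumption: '*' matches any run of characters; nothing else is special.
    regex = ".*".join(map(re.escape, pattern.split("*")))
    return re.fullmatch(regex, value) is not None

def _any(patterns, value):
    patterns = patterns if isinstance(patterns, list) else [patterns]
    return any(_match(p, value) for p in patterns)

def is_allowed(user, action, resource):
    # Simplified model: default deny, granted by any matching Allow statement.
    # Deny statements and conditions are not modelled.
    return any(st["Effect"] == "Allow"
               and _any(st["Action"], action)
               and _any(st["Resource"], resource)
               for policy in ATTACHED.get(user, [])
               for st in policy["Statement"])

KRN = "krn:ksc:ks3:::"
# Constructed requests: (user, action, resource, expected decision).
CHECKS = [
    ("rd_user", "ks3:GetObject", KRN + "rd_bucket/src/main.c", True),
    ("rd_user", "ks3:GetObject", KRN + "op_bucket/runbook.md", False),
    ("op_user", "ks3:GetObject", KRN + "rd_bucket/src/main.c", False),
    ("op_user", "ks3:ListBuckets", "*", True),
    # A sibling bucket sharing the name prefix is not covered by either entry.
    ("rd_user", "ks3:GetObject", KRN + "rd_bucket_backup/dump.sql", False),
]

def failures():
    return [c for c in CHECKS if is_allowed(*c[:3]) != c[3]]

if __name__ == "__main__":
    for user, action, resource, want in CHECKS:
        print(user, action, resource, "allowed =", is_allowed(user, action, resource))
```

The last check shows why the policies list the bucket and `bucket/*` as two separate entries: a single `rd_bucket*` pattern would also match `rd_bucket_backup`.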