Allow different IAM users to access different buckets

Last updated: 2021-04-28 11:04:15

Assume that you have an R&D department and an O&M department, and that you have created two buckets in KS3, rd_bucket and op_bucket, to store R&D data and O&M data separately. To allow the R&D department to access only rd_bucket and the O&M department to access only op_bucket, create two IAM users, rd_user and op_user, write one policy for each, and attach each policy to the corresponding user. Each policy lists two resources: the bucket itself and, with the /* suffix, the objects in it. For example, you can attach the following policy to rd_user:

{
    "Version": "2015-11-01",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "ks3:*",
            "Resource": [
                "krn:ksc:ks3:::rd_bucket",
                "krn:ksc:ks3:::rd_bucket/*"
            ]
        }
    ]
}

Similarly, you can attach the following policy to op_user:

{
    "Version": "2015-11-01",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "ks3:*",
            "Resource": [
                "krn:ksc:ks3:::op_bucket",
                "krn:ksc:ks3:::op_bucket/*"
            ]
        }
    ]
}

To allow the IAM users to log in to the KS3 console and view the bucket list, you also need to grant them the ks3:ListBuckets operation permission by attaching the following policy:

{
    "Version": "2015-11-01",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "ks3:ListBuckets",
            "Resource": "*"
        }
    ]
}
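
The following is an added example, not part of the original KS3 documentation: a simplified local model of policy matching (default deny, Allow statements only, * as a wildcard) that checks which requests the three policies above permit before you attach them. The action name ks3:GetObject, the object key report.csv, the bucket rd_bucket_backup and the "*" request resource for ListBuckets are constructed sample values, and the real KS3 evaluation engine is not reproduced here.

```python
import re

def bucket_policy(bucket):
    """Build the per-bucket policy shown on this page for one bucket name."""
    prefix = "krn:ksc:ks3:::" + bucket
    return {"Version": "2015-11-01",
            "Statement": [{"Effect": "Allow", "Action": "ks3:*",
                           "Resource": [prefix, prefix + "/*"]}]}

# Console policy from this page: list buckets only.
LIST_BUCKETS_POLICY = {
    "Version": "2015-11-01",
    "Statement": [{"Effect": "Allow", "Action": "ks3:ListBuckets",
                   "Resource": "*"}]}

def as_list(value):
    # Action and Resource may be a single string or a list of strings.
    return value if isinstance(value, list) else [value]

def matches(pattern, value):
    # '*' matches any run of characters; every other character is literal.
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, value) is not None

def is_allowed(policies, action, resource):
    """Assumed model: deny unless some Allow statement matches both fields."""
    for policy in policies:
        for stmt in policy["Statement"]:
            if stmt["Effect"] != "Allow":
                continue
            if (any(matches(a, action) for a in as_list(stmt["Action"])) and
                    any(matches(r, resource) for r in as_list(stmt["Resource"]))):
                return True
    return False

def demo():
    """Evaluate constructed sample requests for both users."""
    users = {"rd_user": [bucket_policy("rd_bucket"), LIST_BUCKETS_POLICY],
             "op_user": [bucket_policy("op_bucket"), LIST_BUCKETS_POLICY]}
    requests = [("ks3:GetObject", "krn:ksc:ks3:::rd_bucket/report.csv"),
                ("ks3:GetObject", "krn:ksc:ks3:::op_bucket/report.csv"),
                ("ks3:GetObject", "krn:ksc:ks3:::rd_bucket_backup/report.csv"),
                ("ks3:ListBuckets", "*")]
    return {(user, action, res): is_allowed(pols, action, res)
            for user, pols in users.items() for action, res in requests}

if __name__ == "__main__":
    for key, allowed in demo().items():
        print("ALLOW" if allowed else "DENY ", *key)
```

In this model the bucket policy alone does not permit ks3:ListBuckets, because neither of its resource entries matches a request that is not scoped to that bucket, which is why the separate console policy is attached.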
