Only possible to use root user #60
Comments
|
It looks like non of the canned policies will meet our needs. I suggest either checking if public access is already allowed, making policy changes optional, or only adding to the existing policy (not sure how to do this). Thoughts? |
|
I'm really not too familiar with IAM and permissions, so I don't actually know what to do here. I assume it has to do with the |
|
Yeah, sorry I was trying to say that, but I overcomplicated it :p Looks like I think the best solution is to only change bucket permissions when creating a bucket. If that's sounds reasonable, I'll make it a pull request. |
|
I did a test of this solution, and the problem was me. I made a mistake in my IAM policy, flask-s3 works fine with IAM users. Sorry about that! For the record, the policy you need to give an IAM access only to BUCKETNAME is: {
"Statement": [
{
"Effect": "Allow",
"Action": "s3:ListAllMyBuckets",
"Resource": "arn:aws:s3:::*"
},
{
"Effect": "Allow",
"Action": "s3:*",
"Resource": [
"arn:aws:s3:::BUCKETNAME",
"arn:aws:s3:::BUCKETNAME/*"
]
}
]
} |
I would like to make a user with restricted permissions but permission are reset to 'public-read' on each usage. This removes authorised users and restrictes writing to the account owner.
To see this behaviour:
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "s3:*", "Resource": "arn:aws:s3:::BUCKETNAME" } ] }The text was updated successfully, but these errors were encountered: