New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Only possible to use root user #60
Comments
It looks like non of the canned policies will meet our needs. I suggest either checking if public access is already allowed, making policy changes optional, or only adding to the existing policy (not sure how to do this). Thoughts? |
I'm really not too familiar with IAM and permissions, so I don't actually know what to do here. I assume it has to do with the |
Yeah, sorry I was trying to say that, but I overcomplicated it :p Looks like I think the best solution is to only change bucket permissions when creating a bucket. If that's sounds reasonable, I'll make it a pull request. |
I did a test of this solution, and the problem was me. I made a mistake in my IAM policy, flask-s3 works fine with IAM users. Sorry about that! For the record, the policy you need to give an IAM access only to BUCKETNAME is: {
"Statement": [
{
"Effect": "Allow",
"Action": "s3:ListAllMyBuckets",
"Resource": "arn:aws:s3:::*"
},
{
"Effect": "Allow",
"Action": "s3:*",
"Resource": [
"arn:aws:s3:::BUCKETNAME",
"arn:aws:s3:::BUCKETNAME/*"
]
}
]
} |
I would like to make a user with restricted permissions but permission are reset to 'public-read' on each usage. This removes authorised users and restrictes writing to the account owner.
To see this behaviour:
The text was updated successfully, but these errors were encountered: