A set of permission policies for Amazon Web Services Simple Storage Service (AWS S3) buckets. Each policy should be attached to a different group. The set imitates the Unix permissions model (rwx), where x would be administrative access to the bucket.
Read (download) access to objects in 'bucket-name'. No write access and no access to bucket properties except as needed to navigate in the AWS console (ListAllMyBuckets and GetBucketLocation).
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:GetObject*",
        "s3:List*",
        "s3:GetBucketLocation"
      ],
      "Resource": [
        "arn:aws:s3:::bucket-name",
        "arn:aws:s3:::bucket-name/*"
      ]
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:ListAllMyBuckets"
      ],
      "Resource": "arn:aws:s3:::*"
    }
  ]
}
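
An added example (not part of the original post): an offline check of which S3 actions the wildcards in the read policy above actually grant, and whether any of them is not a read. KNOWN_ACTIONS is a constructed sample of S3 action names, not the full list, and treating Get*/List* names as reads is a simplifying assumption; Deny statements, conditions and resources are not evaluated.

```python
import json
from fnmatch import fnmatchcase

# The read-only policy from this page ('bucket-name' is the page's placeholder).
POLICY = json.loads("""
{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow",
   "Action": ["s3:GetObject*", "s3:List*", "s3:GetBucketLocation"],
   "Resource": ["arn:aws:s3:::bucket-name", "arn:aws:s3:::bucket-name/*"]},
  {"Effect": "Allow", "Action": ["s3:ListAllMyBuckets"],
   "Resource": "arn:aws:s3:::*"}]}
""")

# Constructed sample of S3 action names; NOT the complete S3 action list.
KNOWN_ACTIONS = [
    "s3:GetObject", "s3:GetObjectAcl", "s3:GetObjectVersion", "s3:GetObjectTagging",
    "s3:ListBucket", "s3:ListBucketVersions", "s3:ListAllMyBuckets",
    "s3:GetBucketLocation", "s3:GetBucketPolicy", "s3:PutObject", "s3:PutObjectAcl",
    "s3:DeleteObject", "s3:PutBucketPolicy", "s3:DeleteBucket",
]

def as_list(value):
    """Statement, Action and Resource may each be a single item or a list."""
    return list(value) if isinstance(value, list) else [value]

def granted_actions(policy, known=KNOWN_ACTIONS):
    """Expand the action wildcards of every Allow statement against `known`."""
    granted = set()
    for stmt in as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        for pattern in as_list(stmt.get("Action", [])):
            # Action names are matched case-insensitively.
            granted.update(a for a in known
                           if fnmatchcase(a.lower(), pattern.lower()))
    return granted

def non_read_actions(policy, known=KNOWN_ACTIONS):
    """Granted actions whose operation name is not Get* or List* (assumed reads)."""
    return sorted(a for a in granted_actions(policy, known)
                  if not a.split(":", 1)[1].startswith(("Get", "List")))

if __name__ == "__main__":
    print("granted :", sorted(granted_actions(POLICY)))
    print("non-read:", non_read_actions(POLICY))
```

The expansion shows that `s3:GetObject*` also covers object ACL, version and tagging reads, while `s3:GetBucketPolicy` stays outside the grant.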