Granting an IAM User Permissions to Operate a Specific Bucket

Create an IAM user under in an account. The IAM user has no permission to any resource before it is added to any user group. The bucket owner (root account) or other accounts and IAM users, who have the permission to set bucket policies, can configure bucket policies to grant the bucket operation permissions to IAM users.

The following is an example about how to grant an IAM user the bucket access and object upload permissions.

Procedure

In the bucket list, click the bucket you want to operate to go to the Objects page.
In the navigation pane, choose Permissions > Bucket Policies.
Click Create.

Configure parameters listed in the table below to grant an IAM user the permissions to access the bucket (to list objects in the bucket) and to upload objects.

**Table 1** Parameters for granting the object listing and upload permissions
Parameter		Description
Configuration method		Choose Visual Editor.
Policy Name		Enter a custom policy name.
Policy content	Effect	Select Allow.
	Principals	Select Current account. Specify an IAM user under the current account.
	Resources	Method 1: Select Entire bucket (including the objects in it). Method 2: Select Current bucket and Specified objects. Set the resource path to * (indicating all objects in the bucket).
	Actions	Choose Customize. Select the following actions: ListBucket (to list objects in the bucket and obtain the bucket metadata) PutObject (to upload objects) NOTE: In this example, only the upload action among object actions is selected. You can also select other object actions to grant corresponding permissions if needed. The asterisk (*) indicates all actions. To learn the supported actions and their meanings, see Actions.