Updated on 2024-04-16 GMT+08:00

Granting an IAM User Permissions to Operate a Specific Bucket

Create an IAM user in an account. The IAM user has no permission on any resource before it is added to a user group. The bucket owner (root account), or other accounts and IAM users who have the permission to set bucket policies, can configure bucket policies to grant bucket operation permissions to IAM users.

The following is an example of how to grant an IAM user the permissions to access a bucket and upload objects to it.

Procedure

  1. In the bucket list, click the bucket you want to configure to go to its Objects page.
  2. In the navigation pane, choose Permissions > Bucket Policies.
  3. Click Create.
  4. Configure the parameters listed in the table below to grant an IAM user the permissions to access the bucket (to list objects in the bucket) and to upload objects.

    Table 1 Parameters for granting the object listing and upload permissions

    Parameter: Configuration method
    Description: Choose Visual Editor.

    Parameter: Policy Name
    Description: Enter a custom policy name.

    Parameter: Policy content
    Description:
      Effect: Select Allow.
      Principals:
        • Select Current account.
        • Specify an IAM user under the current account.
      Resources:
        • Method 1: Select Entire bucket (including the objects in it).
        • Method 2: Select Current bucket and Specified objects, and set the resource path to * (indicating all objects in the bucket).
      Actions:
        • Choose Customize.
        • Select the following actions:
          • ListBucket (to list objects in the bucket and obtain the bucket metadata)
          • PutObject (to upload objects)

      NOTE:
      In this example, only the upload action among object actions is selected. You can also select other object actions to grant corresponding permissions if needed. The asterisk (*) indicates all actions.
      To learn the supported actions and their meanings, see Actions.

  5. Click Create in the lower right corner.
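The visual editor settings above (Effect, Principals, Resources, Actions) are also rendered by the console as a JSON policy document. The following Python check is an added example, not part of this page or of OBS, that parses a constructed policy shaped like the one this procedure produces and reports any Allow statement that grants more than ListBucket and PutObject on the bucket, such as the all-actions asterisk from the note or an anonymous principal. The JSON layout, the bucket name and the domain/user ID strings are assumptions for illustration; run it against the JSON the console actually shows for your bucket.

```python
import json

# Constructed sample policy mirroring the visual editor fields set in Table 1.
# The layout, bucket name and principal ID string are assumptions, not real IDs.
SAMPLE_POLICY = """
{
  "Statement": [
    {
      "Sid": "allow-list-and-upload",
      "Effect": "Allow",
      "Principal": {"ID": ["domain/EXAMPLE_DOMAIN_ID:user/EXAMPLE_USER_ID"]},
      "Action": ["ListBucket", "PutObject"],
      "Resource": ["example-bucket", "example-bucket/*"]
    }
  ]
}
"""

# The only actions this procedure intends to grant.
EXPECTED_ACTIONS = {"ListBucket", "PutObject"}


def _as_list(value):
    """Policy fields may hold a single string or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def review_policy(policy_json, bucket, expected_actions=EXPECTED_ACTIONS):
    """Return findings for Allow statements that grant more than intended.

    An empty list means every Allow statement names a specific principal,
    stays within expected_actions, and only touches the given bucket.
    """
    findings = []
    for stmt in json.loads(policy_json).get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements never widen access
        sid = stmt.get("Sid", "<no Sid>")
        principals = _as_list(stmt.get("Principal", {}).get("ID", []))
        if not principals or "*" in principals:
            findings.append(f"{sid}: principal is anonymous or missing")
        actions = set(_as_list(stmt.get("Action", [])))
        if "*" in actions:
            findings.append(f"{sid}: wildcard action grants every operation")
        extra = actions - expected_actions - {"*"}
        if extra:
            findings.append(f"{sid}: unexpected actions {sorted(extra)}")
        for res in _as_list(stmt.get("Resource", [])):
            if res != bucket and not res.startswith(bucket + "/"):
                findings.append(f"{sid}: resource {res!r} is outside {bucket!r}")
    return findings
```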