Terraform – iam policy for AWS user

Just a quick writeup: when, for example, you grant conditional access to S3 and want to restrict a user to a path that contains their own AWS user name, you can refer to this quick snippet.

    # Data source name "user_home" is illustrative; the snippet on the page shows only the
    # two statements. The &{aws:username} form keeps Terraform from treating the IAM policy
    # variable as one of its own interpolations; it is rendered as ${aws:username}.
    data "aws_iam_policy_document" "user_home" {
        # Listing is allowed only for the bucket root, the home/ folder and the
        # caller's own home folder.
        statement {
            effect    = "Allow"
            actions   = ["s3:ListBucket"]
            resources = ["arn:aws:s3:::${var.s3_bucket_name}"]
            condition {
                test     = "StringLike"
                variable = "s3:prefix"
                values = [
                    "",
                    "home/",
                    "home/&{aws:username}/",
                ]
            }
        }

        # Full object access, but only on keys under the caller's own home folder.
        # (Blocks are not separated by commas in HCL; the stray "," after the first
        # statement in the original snippet would not parse.)
        statement {
            effect  = "Allow"
            actions = ["s3:*"]
            resources = [
                "arn:aws:s3:::${var.s3_bucket_name}/home/&{aws:username}",
                "arn:aws:s3:::${var.s3_bucket_name}/home/&{aws:username}/*",
            ]
        }
    }

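To check, before applying, that the rendered policy really isolates one user's home folder from another's, here is a small offline evaluator of the two statements above. It is an added example, not code from the post; the bucket name "example-bucket", the user names and the request contexts are constructed, and the JSON is what Terraform renders from the snippet (the `&{}` escape becomes the IAM variable `${aws:username}`).

```python
import fnmatch
import json

# Constructed sample: the JSON Terraform renders from the snippet above, with
# `&{aws:username}` emitted as the IAM policy variable `${aws:username}`.
# "example-bucket" is an assumed value standing in for var.s3_bucket_name.
RENDERED_POLICY = json.loads("""{
  "Statement": [
    {"Effect": "Allow", "Action": ["s3:ListBucket"],
     "Resource": ["arn:aws:s3:::example-bucket"],
     "Condition": {"StringLike": {"s3:prefix": ["", "home/", "home/${aws:username}/"]}}},
    {"Effect": "Allow", "Action": ["s3:*"],
     "Resource": ["arn:aws:s3:::example-bucket/home/${aws:username}",
                  "arn:aws:s3:::example-bucket/home/${aws:username}/*"]}
  ]}""")

def substitute(value, ctx):
    """Resolve IAM policy variables such as ${aws:username} from the request context."""
    for key, val in ctx.items():
        value = value.replace("${" + key + "}", val)
    return value

def _like(pattern, value):
    # IAM StringLike uses * and ? wildcards; fnmatchcase also knows [], absent here.
    return fnmatch.fnmatchcase(value, pattern)

def is_allowed(action, resource, ctx):
    """Evaluate the Allow statements for one request. ctx is the IAM request context:
    aws:username, plus s3:prefix for list requests ("" for a root listing).
    A condition whose key is absent from ctx does not match, as in IAM."""
    for st in RENDERED_POLICY["Statement"]:
        if not any(_like(a, action) for a in st["Action"]):
            continue
        if not any(_like(substitute(r, ctx), resource) for r in st["Resource"]):
            continue
        cond = st.get("Condition", {}).get("StringLike", {})
        if not all(k in ctx and any(_like(substitute(p, ctx), ctx[k]) for p in pats)
                   for k, pats in cond.items()):
            continue
        return True
    return False

if __name__ == "__main__":
    alice = {"aws:username": "alice"}
    bucket = "arn:aws:s3:::example-bucket"
    print(is_allowed("s3:ListBucket", bucket, {**alice, "s3:prefix": "home/alice/"}))  # True
    print(is_allowed("s3:ListBucket", bucket, {**alice, "s3:prefix": "home/bob/"}))    # False
    print(is_allowed("s3:GetObject", bucket + "/home/bob/secret.txt", alice))          # False
```

Running the checks also shows a limit of the snippet as written: a listing with prefix "home/alice/docs/" is denied, because the StringLike value "home/${aws:username}/" carries no trailing wildcard.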
rafpe
