0

Terraform – iam policy for AWS user

Posted on by rafpe

Just a quick writeup when for example providing conditional access to s3 you would like to restrict access to AWS user name in the path you can refer to this quick snippet 

   statement {
       actions = [
           "s3:ListBucket",
       ]
       resources = [
           "arn:aws:s3:::${var.s3_bucket_name}",
       ]
       condition {
           test = "StringLike"
           variable = "s3:prefix"
           values = [
               "",
               "home/",
               "home/&{aws:username}/",
           ]
       }
   },
   statement {
       actions = [
           "s3:*",
       ]
       resources = [
           "arn:aws:s3:::${var.s3_bucket_name}/home/&{aws:username}",
           "arn:aws:s3:::${var.s3_bucket_name}/home/&{aws:username}/*",
       ]
   }
facebook Share on Facebook
Twitter Tweet
Follow Follow us

rafpe

More Posts

Leave a Reply

Your email address will not be published. Required fields are marked *