S3 buckets need stars in permissions for subobjects

This is part of the Semicolon&Sons Code Diary - consisting of lessons learned on the job.

Last Updated: 2024-11-21

After moving to a new bucket-name for Project B, I was unable to upload any object despite having a seemingly OK policy attached to my bucket.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "statement1",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::AccountB-ID:user/jack"
            },
            "Action":   ["s3:PutObject","s3:PutObjectAcl"],
            "Resource": "arn:aws:s3:::projectb"
        }
    ]
}

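The fix? In the "Resource" line I needed to add a slash and a star ("/*") after the bucket name for PutObject to work and let me upload objects into the bucket. s3:PutObject and s3:PutObjectAcl act on objects, whose ARNs have the form arn:aws:s3:::projectb/key, so a Resource that names only the bucket ARN never matches them.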

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "statement1",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::AccountB-ID:user/jack"
            },
            "Action":   ["s3:PutObject","s3:PutObjectAcl"],
            "Resource": "arn:aws:s3:::projectb/*"
        }
    ]
}
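A small linter for catching this mismatch before a policy is deployed. This is an added example, not code from the original post. The action lists, the function names and the bucket-versus-object heuristic are assumptions of the example, and it does not expand wildcard actions such as s3:* or handle NotAction/NotResource.

```python
# Added example: flag bucket-policy statements whose Resource can never match
# the kind of ARN their S3 action operates on (bucket vs. object).

# Hand-picked, non-exhaustive action lists (assumption of this example).
OBJECT_ACTIONS = {"s3:PutObject", "s3:PutObjectAcl", "s3:GetObject", "s3:DeleteObject"}
BUCKET_ACTIONS = {"s3:ListBucket", "s3:GetBucketLocation", "s3:GetBucketPolicy"}


def as_list(value):
    """Policy fields may be a single string or a list of strings."""
    return value if isinstance(value, list) else [value]


def resource_kinds(arn):
    """Which ARN kinds can this Resource pattern match: 'bucket', 'object'?"""
    path = arn.split(":::", 1)[-1]          # part after arn:aws:s3:::
    kinds = set()
    if "/" not in path:                      # bucket ARNs contain no slash
        kinds.add("bucket")
    if any(c in path for c in "/*?"):        # wildcards can expand across "/"
        kinds.add("object")
    return kinds


def lint_policy(policy):
    """Return (Sid, action, hint) for each action its statement cannot reach."""
    findings = []
    for stmt in as_list(policy["Statement"]):
        kinds = set()
        for resource in as_list(stmt.get("Resource", [])):
            kinds |= resource_kinds(resource)
        for action in as_list(stmt.get("Action", [])):
            if action in OBJECT_ACTIONS and "object" not in kinds:
                findings.append((stmt.get("Sid"), action, "use bucket/* or bucket/key"))
            elif action in BUCKET_ACTIONS and "bucket" not in kinds:
                findings.append((stmt.get("Sid"), action, "use the bare bucket ARN"))
    return findings


def make_policy(actions, resource):
    """Constructed sample shaped like the policy on this page."""
    return {"Version": "2012-10-17", "Statement": [{
        "Sid": "statement1", "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::AccountB-ID:user/jack"},
        "Action": actions, "Resource": resource}]}


if __name__ == "__main__":
    put = ["s3:PutObject", "s3:PutObjectAcl"]
    print(lint_policy(make_policy(put, "arn:aws:s3:::projectb")))
    print(lint_policy(make_policy(put, "arn:aws:s3:::projectb/*")))
```

The same check reports the reverse mistake: a bucket-level action such as s3:ListBucket granted only on projectb/* is flagged, because it needs the bare bucket ARN.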