Goal
- I have several departments that use the same Datameer instance.
- Each department has its own folder in one S3 bucket. The folder name matches the corresponding AWS user name.
- I need an IAM policy that allows each AWS user to access only its own folder in this bucket and to import data from it into Datameer.
Learn
- To import data from an S3 bucket into Datameer, the AWS user needs the following permissions:
  "s3:ListBucket"
  "s3:GetObject"
  "s3:PutObject"
  "s3:GetObjectAttributes"
- To restrict the ListBucket action to the user's own directories only, use the following condition (the ${aws:username} policy variable is replaced with the name of the requesting IAM user at evaluation time):
  "Condition": {
    "StringLike": {
      "s3:prefix": [
        "${aws:username}/*",
        "${aws:username}",
        "${aws:username}_$folder$"
      ]
    }
  }
- The three other actions should be allowed only for the following resources:
  "Resource": [
    "arn:aws:s3:::<bucket name>/${aws:username}/*",
    "arn:aws:s3:::<bucket name>/${aws:username}",
    "arn:aws:s3:::<bucket name>/${aws:username}_$folder$"
  ]
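The fragments above assembled into one complete policy document, plus a small evaluator that shows how the StringLike condition and the resource ARNs behave for a given user. This is an added example, not code from the article or from Datameer. It assumes: `<bucket name>` stays a placeholder to be replaced with the real bucket; the ListBucket statement is given the bucket ARN itself as its Resource (s3:ListBucket is a bucket-level action, and the article's fragments do not show that line); and the wildcard matcher models IAM's StringLike semantics (`*` matches any run of characters, `?` one character, everything else, including `$`, is literal).

```python
"""Assemble the per-user Datameer S3 policy and evaluate its conditions.

Added example, not the article's own policy. Assumptions (see lead-in):
- BUCKET is a placeholder; replace it with the real bucket name.
- The ListBucket statement's Resource is the bucket ARN (added here).
- _iam_wildcard_match models IAM StringLike/resource wildcard matching.
"""
import json
import re
from typing import Optional

BUCKET = "<bucket name>"  # placeholder, as in the article

# Prefixes the ListBucket condition admits, written with the IAM policy variable.
LIST_PREFIXES = [
    "${aws:username}/*",
    "${aws:username}",
    "${aws:username}_$folder$",  # Hadoop-style directory marker object
]

OBJECT_ACTIONS = ["s3:GetObject", "s3:PutObject", "s3:GetObjectAttributes"]


def build_policy(bucket: str) -> dict:
    """Return the complete policy document. Version 2012-10-17 is required
    for ${aws:username} to be expanded as a policy variable."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "ListOwnFolderOnly",
                "Effect": "Allow",
                "Action": "s3:ListBucket",
                # Bucket-level resource (assumption: not shown in the article).
                "Resource": f"arn:aws:s3:::{bucket}",
                "Condition": {"StringLike": {"s3:prefix": LIST_PREFIXES}},
            },
            {
                "Sid": "ReadWriteOwnFolder",
                "Effect": "Allow",
                "Action": OBJECT_ACTIONS,
                "Resource": [f"arn:aws:s3:::{bucket}/{p}" for p in LIST_PREFIXES],
            },
        ],
    }


def _iam_wildcard_match(pattern: str, value: str) -> bool:
    """Model IAM wildcard matching: '*' and '?' are wildcards, every other
    character (including '$') is literal. Matching is case-sensitive."""
    regex = "".join(
        ".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern
    )
    return re.fullmatch(regex, value) is not None


def _expand(pattern: str, username: str) -> str:
    """Substitute the ${aws:username} policy variable."""
    return pattern.replace("${aws:username}", username)


def list_prefix_allowed(username: str, prefix: Optional[str]) -> bool:
    """Evaluate the ListBucket condition for a request carrying s3:prefix.
    A request with no prefix (listing the bucket root) carries no s3:prefix
    key, so the StringLike condition cannot match and the request is denied."""
    if prefix is None:
        return False
    return any(_iam_wildcard_match(_expand(p, username), prefix) for p in LIST_PREFIXES)


def object_key_allowed(username: str, key: str, bucket: str = BUCKET) -> bool:
    """Evaluate the object-level statement against the full object ARN."""
    arn = f"arn:aws:s3:::{bucket}/{key}"
    resources = build_policy(bucket)["Statement"][1]["Resource"]
    return any(_iam_wildcard_match(_expand(r, username), arn) for r in resources)


if __name__ == "__main__":
    print(json.dumps(build_policy("example-bucket"), indent=2))
    # Constructed sample requests: user "alice" listing various prefixes.
    for user, prefix in [("alice", "alice/"), ("alice", "alice/2024/"),
                         ("alice", "bob/"), ("alice", None)]:
        print(f"ListBucket as {user} with prefix {prefix!r}: "
              f"{list_prefix_allowed(user, prefix)}")
```

Two points worth checking before attaching this policy: `${aws:username}` is only populated for IAM users, so the same policy attached to a role (or used by a federated identity) yields no usable prefix and every request is denied; and because the bucket root carries no `s3:prefix`, a client that starts by listing the root of the bucket will get an access-denied response, so point Datameer at the user's own folder rather than at the bucket root.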