AWS IAM Policy for Specific S3 Buckets

Suppose you need an AWS IAM policy that grants full permissions, but only for specific S3 buckets: the user can perform any S3 action, but only on the given buckets.

{
	"Version": "2012-10-17",
	"Statement": [
		{
			"Sid": "VisualEditor0",
			"Effect": "Allow",
			"Action": [
				"s3:ListAllMyBuckets"
			],
			"Resource": "arn:aws:s3:::*"
		},
		{
			"Sid": "VisualEditor1",
			"Effect": "Allow",
			"Action": [
				"s3:*"
			],
			"Resource": [
				"arn:aws:s3:::your-bucket",
				"arn:aws:s3:::your-bucket/*"
			]
		}
	]
}
  • The first statement lets the user list all S3 buckets in the account (useful for navigating the console). s3:ListAllMyBuckets does not support resource-level permissions, so it cannot be restricted to specific buckets: the user sees every bucket name, even though the second statement grants access inside only the chosen bucket.
  • The second statement allows all S3 actions on the bucket named your-bucket and on the objects in it. Both ARNs are needed, because bucket-level actions such as s3:ListBucket are evaluated against the bucket ARN and object-level actions such as s3:GetObject against the object ARN (your-bucket/*). Replace these with your own ARNs. Note that s3:* also covers destructive and policy-changing actions such as s3:DeleteBucket and s3:PutBucketPolicy; narrow the action list if the user only needs to read and write objects.
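To check the two points above without an AWS account, the following script is an added example (not part of the original post) that embeds the policy and runs it through a small IAM-style evaluator: `*` and `?` wildcards, explicit Deny overriding Allow, implicit deny otherwise. It models neither Conditions, NotAction/NotResource, resource policies, SCPs nor permission boundaries, and the request resource it uses for s3:ListAllMyBuckets (arn:aws:s3:::*) is a modelling assumption, since that action is not resource-scoped. The sample requests and the bucket names other than your-bucket are constructed for the demonstration.

```python
import copy
import json
import re

# The policy from the post, embedded as a string so the script runs offline.
POLICY_JSON = r"""
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": ["s3:ListAllMyBuckets"],
            "Resource": "arn:aws:s3:::*"
        },
        {
            "Sid": "VisualEditor1",
            "Effect": "Allow",
            "Action": ["s3:*"],
            "Resource": [
                "arn:aws:s3:::your-bucket",
                "arn:aws:s3:::your-bucket/*"
            ]
        }
    ]
}
"""
POLICY = json.loads(POLICY_JSON)


def as_list(value):
    """IAM lets Action and Resource be a string or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def iam_match(pattern, value):
    """IAM wildcard match: '*' is any run of characters, '?' exactly one
    character, everything else literal. There is no implicit prefix match, so
    'arn:aws:s3:::your-bucket' does not match 'arn:aws:s3:::your-bucket-2'."""
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                    for c in pattern)
    return re.fullmatch(regex, value, flags=re.DOTALL) is not None


def statement_matches(stmt, action, resource):
    """True if the statement's Action and Resource both cover the request.
    Action names are case-insensitive in IAM; ARNs are compared as written."""
    actions = [a.lower() for a in as_list(stmt.get("Action", []))]
    resources = as_list(stmt.get("Resource", []))
    return (any(iam_match(a, action.lower()) for a in actions)
            and any(iam_match(r, resource) for r in resources))


def is_allowed(policy, action, resource):
    """Simplified identity-policy evaluation: an explicit Deny wins, then any
    matching Allow grants, otherwise the request is implicitly denied.
    Conditions, NotAction/NotResource, bucket policies, SCPs and permission
    boundaries are deliberately not modelled (assumption of this simulator)."""
    statements = as_list(policy["Statement"])
    if any(s.get("Effect") == "Deny" and statement_matches(s, action, resource)
           for s in statements):
        return False
    return any(s.get("Effect") == "Allow" and statement_matches(s, action, resource)
               for s in statements)


def without_object_arn(policy):
    """Copy of the policy with every '.../*' object ARN removed: the common
    mistake of granting only the bucket ARN and expecting object access."""
    narrowed = copy.deepcopy(policy)
    for stmt in as_list(narrowed["Statement"]):
        stmt["Resource"] = [r for r in as_list(stmt.get("Resource", []))
                            if not r.endswith("/*")]
    return narrowed


# Constructed sample requests: (action, resource, expected result).
# s3:ListAllMyBuckets is not resource-scoped; its request resource is modelled
# here as the account-wide S3 ARN, the form the policy must grant it on.
CHECKS = [
    ("s3:ListAllMyBuckets", "arn:aws:s3:::*", True),
    ("s3:ListBucket", "arn:aws:s3:::your-bucket", True),                # bucket-level action, bucket ARN
    ("s3:GetObject", "arn:aws:s3:::your-bucket/reports/q1.csv", True),  # object-level action, object ARN
    ("s3:PutObject", "arn:aws:s3:::other-bucket/x", False),             # other bucket: implicit deny
    ("s3:ListBucket", "arn:aws:s3:::your-bucket-2", False),             # literal name, no prefix match
    ("ec2:DescribeInstances", "*", False),                              # nothing outside S3
]


def run_checks(policy=POLICY):
    """Evaluate every sample request; returns {(action, resource): allowed}."""
    return {(a, r): is_allowed(policy, a, r) for a, r, _ in CHECKS}


if __name__ == "__main__":
    for action, resource, expected in CHECKS:
        got = is_allowed(POLICY, action, resource)
        verdict = "ALLOW" if got else "DENY"
        status = "ok" if got == expected else "MISMATCH"
        print(f"{verdict:5} {action:24} {resource}  {status}")
    narrowed = without_object_arn(POLICY)
    print("s3:GetObject with only the bucket ARN granted:",
          is_allowed(narrowed, "s3:GetObject", "arn:aws:s3:::your-bucket/reports/q1.csv"))
```

Running it shows the object request denied as soon as the `your-bucket/*` ARN is dropped while `s3:ListBucket` on the bucket ARN still succeeds, which is exactly the symptom of the missing second ARN. For the real thing, use the IAM policy simulator or `aws iam simulate-principal-policy` against the attached principal, since that also accounts for bucket policies, SCPs and conditions that this script ignores.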