feature: IAM Policies S3 Wasabi compatibles

2021-08-07 11:39:32 +02:00 · 2021-08-07 11:39:32 +02:00 · 73185baeac
commit 73185baeac
parent c56954a92a
3 changed files with 47 additions and 0 deletions
--- a/IAM/README.md
+++ b/IAM/README.md
@ -0,0 +1,7 @@
+# IAM Policies
+
+Actually those policies are tested on Wasabi S3 account.
+
+## Limitations
+
+* The policy `user_allow_specific_bucket.json` doesn't allow console operations
--- a/IAM/user_allow_specific_bucket.json
+++ b/IAM/user_allow_specific_bucket.json
@ -0,0 +1,15 @@
+{
+    "Statement": [
+        {
+            "Resource": [
+                "arn:aws:s3:::bucket-name/*",
+                "arn:aws:s3:::bucket-name"
+            ],
+            "Action": [
+                "s3:*"
+            ],
+            "Effect": "Allow"
+        }
+    ],
+    "Version": "2012-10-17"
+}
--- a/IAM/user_deny_explicitly_all_excluding_bucket.json
+++ b/IAM/user_deny_explicitly_all_excluding_bucket.json
@ -0,0 +1,25 @@
+{
+    "Statement": [
+        {
+            "NotResource": [
+                "arn:aws:s3:::bucket-name/*",
+                "arn:aws:s3:::bucket-name"
+            ],
+            "Action": [
+                "s3:ListBucket",
+                "s3:GetBucketLocation",
+                "s3:ListBucketMultipartUploads"
+            ],
+            "Effect": "Deny"
+        },
+        {
+            "NotResource": [
+                "arn:aws:s3:::bucket-name/*",
+                "arn:aws:s3:::bucket-name"
+            ],
+            "Action": "s3:*",
+            "Effect": "Deny"
+        }
+    ],
+    "Version": "2012-10-17"
+}