S3: Access Policies (Q5)

Question

HiI don't get passed this question when I put this for the access point:What am I missing here please, I always get an error on AWS saying that the access point can't be implemented.{&nbsp; &nbsp;"Version":"2012-10-17",&nbsp; &nbsp;"Statement": [&nbsp; &nbsp;{&nbsp; &nbsp; &nbsp; &nbsp;"Effect": "Allow",&nbsp; &nbsp; &nbsp; &nbsp;"Principal": {&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;"AWS": "arn:aws:iam::407044316022:user/metrolio-accessor"&nbsp; &nbsp; &nbsp; &nbsp;},&nbsp; &nbsp; &nbsp; &nbsp;"Action": ["s3:ListBucket", "s3:GetObject"],&nbsp; &nbsp; &nbsp; &nbsp;"Resource": [&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;"arn:aws:iam::407044316022:accesspoint/metrolio-access-point/object/data/*"&nbsp; &nbsp; &nbsp; &nbsp;]&nbsp; &nbsp;}]}

jagira · Answer

Hi kikasudo&nbsp;Lets solve it. We are required to create access point in specified bucket.&nbsp;What is access point?While bucket policies allow access to a specific user or group, this can be difficult to maintain with a large number of users, so AWS created access points.Go to amazon s3 =&gt; buckets =&gt; metrolio-grant-some-access-74e985a2you will find 2 objects in this bucket. click "access points" available in the menubar. Initially there is no access point in the specified bucket.there is a button named "create access point", click itenter name of the access point and select internetas per question user metrolio-accessor is allowed to list all subjects ie s3:ListBucketdownload only those within the data directory ie s3:GetObjectIn resource part there should be 2 lines:&nbsp;&nbsp;"Resource": ["arn:aws:iam::407044316022:accesspoint/metrolio-access-point",&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;"arn:aws:iam::407044316022:accesspoint/metrolio-access-point/object/data/*"&nbsp; &nbsp; &nbsp; &nbsp;]

jagira · Answer

Let me know if more help is needed

kieranrowley · Answer

I've taken a look and it looks like the last community member to complete this lab is jagira - do you have any hints for kikasudo ?

kikasudo · Answer

Hi jagira - thanks for your help, I'm still getting an error for some reasonSorry for delay, haven't had a chance to get back on this lab yetThis is the code below:{&nbsp;&nbsp; "Version":"2012-10-17",&nbsp;&nbsp; "Statement": [&nbsp;&nbsp; {&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; "Effect": "Allow",&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; "Principal": {&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; "AWS": "arn:aws:iam::936038958388:user/metrolio-accessor"&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; },&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; "Action": ["s3:ListBucket", "s3:GetObject"],&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; "Resource": [&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; "arn:aws:iam::936038958388:accesspoint/metrolio-access-point",&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; "arn:aws:iam::936038958388:accesspoint/metrolio-access-point/object/data/*"&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; ]&nbsp;&nbsp; }]}

kikasudo · Answer

I've tried different ARN's too, including 407044316022

Forum Discussion

S3: Access Policies (Q5)

Featured Places

Help & Support Forum

Related Content

Persistence: Accessibility Features - missing token.txt

Help needed for Threat Hunting - Credential Access

IAM: Demonstrate Your Skills - Developer access (2/3)

Credential Access - NTDS

My License is expired, and then i dont have no more Access to my Badges?

Recent Discussions

PowerShell Deobfuscation: Ep 8 help

Introduction to Elastic: Ep.9 - ES|QL

Powershell Deobsfuscation Ep.7

Securing Web Applications with AWS WAF and CloudFront ---- Configuring Secure Web Hosting with AWS CloudFront

Discovery: Enumeration Scripts – Part 1