S3: Access Policies (Q5)

Hi kikasudo 

Lets solve it. We are required to create access point in specified bucket. 

What is access point?

While bucket policies allow access to a specific user or group, this can be difficult to maintain with a large number of users, so AWS created access points.

Go to amazon s3 => buckets => metrolio-grant-some-access-74e985a2

you will find 2 objects in this bucket. click "access points" available in the menubar. Initially there is no access point in the specified bucket.

• there is a button named "create access point", click it

• enter name of the access point and select internet

• as per question user metrolio-accessor is allowed to list all subjects ie s3:ListBucket

• download only those within the data directory ie s3:GetObjectIn resource part there should be 2 lines:

•   "Resource": [

  "arn:aws:iam::407044316022:accesspoint/metrolio-access-point",

           "arn:aws:iam::407044316022:accesspoint/metrolio-access-point/object/data/*"

         ]

Let me know if more help is needed

I've taken a look and it looks like the last community member to complete this lab is jagira - do you have any hints for kikasudo ?

Hi jagira - thanks for your help, I'm still getting an error for some reason

Sorry for delay, haven't had a chance to get back on this lab yet

This is the code below:

{

   "Version":"2012-10-17",

   "Statement": [

   {

       "Effect": "Allow",

       "Principal": {

           "AWS": "arn:aws:iam::936038958388:user/metrolio-accessor"

       },

       "Action": ["s3:ListBucket", "s3:GetObject"],

       "Resource": [

         "arn:aws:iam::936038958388:accesspoint/metrolio-access-point",

         "arn:aws:iam::936038958388:accesspoint/metrolio-access-point/object/data/*"

       ]

   }]

}