Forum Discussion
Bronze IIS3: Access Policies (Q5)
Hi
I don't get passed this question when I put this for the access point:
What am I missing here please, I always get an error on AWS saying that the access point can't be implemented.
{
"Version":"2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::407044316022:user/metrolio-accessor"
},
"Action": ["s3:ListBucket", "s3:GetObject"],
"Resource": [
"arn:aws:iam::407044316022:accesspoint/metrolio-access-point/object/data/*"
]
}]
}
Hi kikasudo
Lets solve it. We are required to create access point in specified bucket.
What is access point?
While bucket policies allow access to a specific user or group, this can be difficult to maintain with a large number of users, so AWS created access points.
Go to amazon s3 => buckets => metrolio-grant-some-access-74e985a2
you will find 2 objects in this bucket. click "access points" available in the menubar. Initially there is no access point in the specified bucket.
- there is a button named "create access point", click it
enter name of the access point and select internet
as per question user metrolio-accessor is allowed to list all subjects ie s3:ListBucket
download only those within the data directory ie s3:GetObjectIn resource part there should be 2 lines:
"Resource": [
"arn:aws:iam::407044316022:accesspoint/metrolio-access-point",
"arn:aws:iam::407044316022:accesspoint/metrolio-access-point/object/data/*"
]
5 Replies
- jagira
Bronze III
Hi kikasudo
Lets solve it. We are required to create access point in specified bucket.
What is access point?
While bucket policies allow access to a specific user or group, this can be difficult to maintain with a large number of users, so AWS created access points.
Go to amazon s3 => buckets => metrolio-grant-some-access-74e985a2
you will find 2 objects in this bucket. click "access points" available in the menubar. Initially there is no access point in the specified bucket.
- there is a button named "create access point", click it
enter name of the access point and select internet
as per question user metrolio-accessor is allowed to list all subjects ie s3:ListBucket
download only those within the data directory ie s3:GetObjectIn resource part there should be 2 lines:
"Resource": [
"arn:aws:iam::407044316022:accesspoint/metrolio-access-point",
"arn:aws:iam::407044316022:accesspoint/metrolio-access-point/object/data/*"
]
- jagira
Let me know if more help is needed
- KieranRowley
Community Manager
kikasudoHi jagira - thanks for your help, I'm still getting an error for some reason
Sorry for delay, haven't had a chance to get back on this lab yet
This is the code below:
{
"Version":"2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::936038958388:user/metrolio-accessor"
},
"Action": ["s3:ListBucket", "s3:GetObject"],
"Resource": [
"arn:aws:iam::936038958388:accesspoint/metrolio-access-point",
"arn:aws:iam::936038958388:accesspoint/metrolio-access-point/object/data/*"
]
}]
}
- kikasudo
I've tried different ARN's too, including 407044316022
