Certified Security - Specialty


Bucket Policy

I tested this and I believe that I’m correct about this, I just want to confirm that I’m thinking about this correctly.

In Ryan’s lecture about bucket policies, he said that it’s important to remember that in the resource field of the bucket policy, you need to put /* after the bucket ARN. Am I correct that you only need to do that IF the actions allowed to the user are anything less than full access "s3:*"?

Meaning that if you’re only granting a user access to put things in the bucket, then you would need /* after the bucket ARN in the resource field. But if you are granting them FULL access to the bucket, then /* is not required at the end of the bucket ARN.

**Example of the /* not being required after the ARN in the resource field, because the user has full access to the bucket:**

{
  "Id": "Policy1587166806011",
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Stmt1587166782043",
      "Action": "s3:*",
      "Effect": "Allow",
      "Resource": "arn:aws:s3:::Bucket99999",
      "Principal": {
        "AWS": [
          "arn:aws:iam::034631306003:user/John_Smith"
        ]
      }
    }
  ]
}

**Example of the /* being required after the ARN in the resource field, because the user does not have full access to the bucket:**

{
  "Id": "Policy1587166806011",
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Stmt1587166782043",
      "Action": "s3:DeleteObject",
      "Effect": "Allow",
      "Resource": "arn:aws:s3:::Bucket99999/*",
      "Principal": {
        "AWS": [
          "arn:aws:iam::034631306003:user/John_Smith"
        ]
      }
    }
  ]
}

I’m not sure if the AWS exam gets tricky, trying to see if you would know when you would need /* after the resource name and when you wouldn’t.

Thanks!

0 Answers
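
How the form of the `Resource` ARN interacts with bucket-level and object-level S3 actions, as an added example that is not part of the original post or the course material. The two action sets are a small constructed subset, the object key `example-key` and all helper names are hypothetical, and the principal is omitted for brevity.

```python
import re

# Constructed subset of S3 actions, grouped by the resource type each one operates on.
OBJECT_ACTIONS = {"s3:GetObject", "s3:PutObject", "s3:DeleteObject"}   # arn:aws:s3:::bucket/key
BUCKET_ACTIONS = {"s3:ListBucket", "s3:GetBucketPolicy", "s3:DeleteBucket"}  # arn:aws:s3:::bucket

def _listify(value):
    return value if isinstance(value, list) else [value]

def _matches(pattern, text, ignore_case=False):
    """IAM-style wildcard match: '*' is any run of characters, '?' is one character."""
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, text, re.IGNORECASE if ignore_case else 0) is not None

def _named_actions(statement):
    """Actions from the sample sets that the statement's Action patterns name."""
    return {a for p in _listify(statement["Action"])
            for a in OBJECT_ACTIONS | BUCKET_ACTIONS if _matches(p, a, True)}

def matched_actions(statement, bucket):
    """Named actions whose resource type is actually covered by a listed Resource."""
    resources = _listify(statement["Resource"])
    bucket_arn = f"arn:aws:s3:::{bucket}"
    object_arn = f"{bucket_arn}/example-key"   # hypothetical object key
    covers_bucket = any(_matches(r, bucket_arn) for r in resources)
    covers_objects = any(_matches(r, object_arn) for r in resources)
    named = _named_actions(statement)
    matched = named & OBJECT_ACTIONS if covers_objects else set()
    if covers_bucket:
        matched |= named & BUCKET_ACTIONS
    return matched

def dead_actions(statement, bucket):
    """Actions the statement names that no listed Resource can ever match."""
    return _named_actions(statement) - matched_actions(statement, bucket)

def stmt(action, resource):
    """Build a statement shaped like the ones in the post (principal omitted)."""
    return {"Effect": "Allow", "Action": action, "Resource": resource}

if __name__ == "__main__":
    arn = "arn:aws:s3:::Bucket99999"
    cases = [("s3:*", arn), ("s3:DeleteObject", arn),
             ("s3:DeleteObject", arn + "/*"), ("s3:*", [arn, arn + "/*"])]
    for action, resource in cases:
        s = stmt(action, resource)
        print(action, resource, "matched:", sorted(matched_actions(s, "Bucket99999")),
              "dead:", sorted(dead_actions(s, "Bucket99999")))
```

Running `dead_actions` over each statement of a policy before deploying it shows which named permissions can never take effect because the `Resource` lists only the bucket ARN or only the object ARN.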
