MathieuLoutre / grunt-aws-s3

Grunt plugin to interact with AWS S3 using the AWS SDK
MIT License

Unable to attach IAM role in S3 bucket policy #116

Open rajasekaran07 opened 7 years ago

rajasekaran07 commented 7 years ago

Hi Team,

I am trying to restrict access to my S3 bucket to instances using one specific IAM role. I applied the policy below, but it is not working.

```json
{
  "Version": "2008-10-17",
  "Statement": [
    {
      "Sid": "Stmt1371012493903",
      "Effect": "Deny",
      "NotPrincipal": {
        "AWS": "arn:aws:iam::(Account-no):role/(my-role)"
      },
      "Action": [
        "s3:List*",
        "s3:Get*"
      ],
      "Resource": "arn:aws:s3:::my-bucket/*"
    }
  ]
}
```

Also, I configured the AWS CLI with `aws configure`, using the temporary access key and secret access key obtained from `curl http://169.254.169.254/latest/meta-data/iam/security-credentials/`, but I still see:

```
curl https://s3.amazonaws.com/my-bucket/myfile.json
```

```xml
<?xml version="1.0" encoding="UTF-8"?>
<Error>
  <Code>AccessDenied</Code>
  <Message>Access Denied</Message>
  <RequestId>1C272502A24D780D</RequestId>
  <HostId>YRP7gKyKfSQRzlKeOx/YpxHCjdh9AlBb80hcfwy9fjAAY9tlDNfmziRhfWzdIkDmgt/TWwT8Ink=</HostId>
</Error>
```

Regards, Raja

rajasekaran07 commented 7 years ago

I followed the link below and modified my S3 policy as shown below, but I am unable to curl from either account. https://aws.amazon.com/blogs/security/how-to-restrict-amazon-s3-bucket-access-to-a-specific-iam-role/

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Deny",
      "Principal": "*",
      "Action": "s3:*",
      "Resource": [
        "arn:aws:s3:::my-bucket",
        "arn:aws:s3:::bucket/*"
      ],
      "Condition": {
        "StringNotLike": {
          "aws:userId": [
            "AROAJZ45MYWZWL7SPA56W:*",
            "27***646"
          ]
        }
      }
    }
  ]
}
```

robindierckx commented 7 years ago

+1, it would be great to have an example S3 bucket policy configuration for an access key.
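A worked version of the `aws:userId` approach from the AWS blog post linked in the second comment, which also serves as the example policy asked for in the last comment. This is an added example, not code from grunt-aws-s3 or from anyone in the thread: `ACCOUNT_ID`, `ROLE_ID` and the bucket name are constructed placeholders (the real role ID is the `RoleId` field of `aws iam get-role`), and `is_denied` evaluates only the `StringNotLike` condition, not full IAM policy evaluation. Two points the thread's policies turn on: an assumed-role session's `aws:userId` is the role's unique ID followed by a colon and the session name, so the `:*` suffix is what lets instance-profile sessions through; and a `Deny` with `NotPrincipal` on a bare role ARN (the first policy) does not exempt those sessions, because their requests arrive under an `arn:aws:sts::<account>:assumed-role/<role>/<session>` principal. The second policy in the thread also names `bucket` in the object resource while the bucket resource is `my-bucket`; the example uses one name for both.

```python
"""Build an S3 bucket policy that denies everyone except one IAM role, and
check which aws:userId values it would deny.

Added example, not part of grunt-aws-s3. Account id, role id and bucket
name are constructed placeholders.
"""
import json
import re

ACCOUNT_ID = "123456789012"       # placeholder account id (root user's aws:userId)
ROLE_ID = "AROAEXAMPLEROLEID"     # placeholder unique role id; real ones start with AROA
BUCKET = "my-bucket"


def build_policy(bucket: str, allowed_user_ids: list) -> dict:
    """Deny every principal whose aws:userId matches none of allowed_user_ids.

    Both the bucket ARN (ListBucket) and the object ARN (GetObject etc.)
    are listed so the Deny covers listing as well as reads and writes.
    """
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "DenyAllButRole",
                "Effect": "Deny",
                "Principal": "*",
                "Action": "s3:*",
                "Resource": [
                    f"arn:aws:s3:::{bucket}",
                    f"arn:aws:s3:::{bucket}/*",
                ],
                "Condition": {"StringNotLike": {"aws:userId": allowed_user_ids}},
            }
        ],
    }


def _like(pattern: str, value: str) -> bool:
    """StringLike semantics: case-sensitive, '*' any run, '?' one character."""
    regex = "".join(
        ".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern
    )
    return re.fullmatch(regex, value) is not None


def is_denied(policy: dict, user_id: str) -> bool:
    """True if any Deny statement's StringNotLike aws:userId condition applies.

    StringNotLike is satisfied (and the Deny fires) when the userId matches
    none of the listed patterns.
    """
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Deny":
            continue
        patterns = stmt["Condition"]["StringNotLike"]["aws:userId"]
        if isinstance(patterns, str):
            patterns = [patterns]
        if not any(_like(p, user_id) for p in patterns):
            return True
    return False


# Session name is appended to the role id, hence the ':*' suffix.
POLICY = build_policy(BUCKET, [f"{ROLE_ID}:*", ACCOUNT_ID])
# Same policy without the wildcard: every role session is locked out.
NO_WILDCARD_POLICY = build_policy(BUCKET, [ROLE_ID, ACCOUNT_ID])

if __name__ == "__main__":
    print(json.dumps(POLICY, indent=2))
    for uid in (f"{ROLE_ID}:grunt-deploy", ACCOUNT_ID, "AIDAEXAMPLEUSER"):
        print(f"{uid:40} denied={is_denied(POLICY, uid)}")
    print(f"without ':*', session denied={is_denied(NO_WILDCARD_POLICY, ROLE_ID + ':grunt-deploy')}")
```

Apply the printed document with `aws s3api put-bucket-policy --bucket my-bucket --policy file://policy.json`; keep the account ID in the allow list, otherwise the root user is denied as well and the policy can only be removed from that account's root credentials.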