Create a single IAM user to access only specific S3 bucket

By

 Create a single IAM user to access only specific S3 bucket



{

  "Version": "2012-10-17",

  "Statement": [

    {

      "Sid": "Stmt1528735049406",

      "Action": [

        "s3:DeleteObject",

        "s3:GetObject",

        "s3:HeadBucket",

        "s3:ListBucket",

        "s3:ListObjects",

        "s3:PutObject"

      ],

      "Effect": "Allow",

      "Resource": "arn:aws:s3:::YOURBUCKETNAME"

    }

  ]

}








{

    "Version": "2012-10-17",

    "Statement": [

        {

            "Sid": "BucketOperations",

            "Effect": "Allow",

            "Action": "s3:ListBucket*",

            "Resource": "arn:aws:s3:::<bucketname>"

        },

        {

            "Sid": "ObjectOperations",

            "Effect": "Allow",

            "Action": [

               "s3:AbortMultipartUpload",

               "s3:ListMultipartUploads",

               "s3:DeleteObject*",

               "s3:GetObject*",

               "s3:PutObject*"

            ],

            "Resource": "arn:aws:s3:::<bucketname>/*"

        },

        {

            "Sid": "DenyAllOthers",

            "Effect": "Deny",

            "Action": "s3:*",

            "NotResource": [

               "arn:aws:s3:::<bucketname>",

               "arn:aws:s3:::<bucketname>/*"

            ]

        }

    ] 

}

Comments

Post a Comment

Popular posts from this blog

How to install nuke in windows 10 and windows 11,Installing Nuke on Windows, Install Nuke on Windows

By
  SINGLE MACHINE 1.Install Your Foundry Product 2.Install FLT7 (If you already have our rlm server working and running , jump to step 8)  3.Stop Foundry License Server 4.Copy the cracked rlm.foundry.exe over the original one (C:\Program Files\The Foundry\LicensingTools7.1\bin\RLM\rlm.foundry.exe)  5.Edit xf_foundry.lic replacing desktop 1234567890123456 (host name, Mac-Address)  You can get those informations using rlmutil.exe , a simple dos window ipconfig/all   or you can start Foundry License Utility and choose Diagnostics and Run Diagnostics, you will find your hostname, your mac address (System ID)     PORT is by default 5053 if you dont put any (dont forget to delete the word PORT then if you dont want to specify one) . If you need more infos read RLM manual. 6.Copy the xf_foundry.lic to C:\ProgramData\The Foundry\RLM or C:\Program Files\The Foundry\LicensingTools7.1\bin\RLM\ 7.Restart RLM Server you can do that from services or just with Fo...
Read more

Wazuh Server Detecting unauthorized processes

By
  Wazuh Server Detecting unauthorized processes Ubuntu endpoint Take the following steps to configure command monitoring and query a list of all running processes on the Ubuntu endpoint. Add the following configuration block to the Wazuh agent  nano/var/ossec/etc/ossec.conf file. This allows to periodically get a list of running processes: <ossec_config>   <localfile>     <log_format>full_command</log_format>     <alias>process list</alias>     <command>ps -e -o pid,uname,command</command>     <frequency>30</frequency>   </localfile> </ossec_config> Restart the Wazuh agent to apply the changes: $ sudo systemctl restart wazuh-agent Install Netcat and the required dependencies: $ sudo apt install ncat nmap -y   Wazuh server Add the following rules to the /var/ossec/etc/rules/local_rules....
Read more

How to install and configure OSSEC server and client

By
How to install and configure OSSEC server and client sudo timedatectl set-timezone Asia/Calcutta Asia/Calcutta   1. sudo apt-get update && sudo apt-get upgrade -y 2. sudo apt-get install build-essential libevent-dev zlib1g-dev libssl-dev unzip wget -y 3. sudo apt-get install libpcre2-dev 4. sudo apt-get install libsystemd-dev 5. wget https://github.com/ossec/ossec-hids/archive/3.7.0.tar.gz 6. tar -xvzf 3.7.0.tar.gz 7. cd ossec-hids-3.7.0 8. sudo ./install.sh 9. sudo /var/ossec/bin/ossec-control start   Configure OSSEC nano /var/ossec/etc/ossec.conf Update below <global>     <email_notification>yes</email_notification>     <email_to>root@localhost</email_to>     <smtp_server>127.0.0.1</smtp_server>     <email_from>ossecm@localhost</email_from> </global>   <global>     <emai...
Read more