Example Standard Groups for S3 User Management
In this section, we provide you with some example standard groups that you can create for S3 user management. These groups are designed to define various levels of access for users in your S3 environment. Please note that the actual names of groups, permissions, and users may vary depending on your specific requirements and organizational structure.
Info
These example standard groups serve as a starting point and can be adapted to the needs of your organization. They provide a basic template for common scenarios in S3 user management using the plusserver S3 service. For detailed information on AWS S3 permission policies and their configuration, we strongly recommend reading the official AWS documentation on S3 Access Control. Additionally, you can find specific information and recommendations for access management in StorageGrid in the Usage of Bucket and Group Access Policies. These resources offer detailed insights into the available actions, resources, and configuration options, allowing you to tailor access controls to the specific needs of your business. You can also use the AWS Policy Generator to create custom permission policies precisely tailored to your requirements.

Group with access to specific Buckets
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:GetObject",
        "s3:PutObject",
        "s3:DeleteObject"
      ],
      "Resource": [
        "arn:aws:s3:::bucket1/*",
        "arn:aws:s3:::bucket2/*"
      ]
    }
  ]
}
Group with read-only access to specific Buckets
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:GetObject",
        "s3:ListBucket"
      ],
      "Resource": [
        "arn:aws:s3:::bucket3",
        "arn:aws:s3:::bucket3/*",
        "arn:aws:s3:::bucket4",
        "arn:aws:s3:::bucket4/*"
      ]
    }
  ]
}
Group with access to specific folders in Buckets
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:GetObject",
        "s3:PutObject",
        "s3:DeleteObject"
      ],
      "Resource": [
        "arn:aws:s3:::bucket5/folder1/*",
        "arn:aws:s3:::bucket6/folder2/*"
      ]
    }
  ]
}
Example administrative group with access to all Buckets with selected actions
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:GetObject",
        "s3:PutObject",
        "s3:DeleteObject",
        "s3:ListBucket",
        "s3:GetBucketPolicy",
        "s3:PutBucketPolicy"
      ],
      "Resource": "*"
    }
  ]
}
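
The read-only and administrative groups combine object-level actions such as s3:GetObject with bucket-level actions such as s3:ListBucket, which apply to the bucket ARN rather than to `bucket/*`. The following check is an added example, not part of the plusserver documentation: it flags allowed actions that have no resource of the matching kind in their statement. The action classification, the function names and the bucket name `example-bucket` are assumptions made for illustration.

```python
# Assumption: non-exhaustive classification covering only the actions used on this page.
BUCKET_ACTIONS = {"s3:ListBucket", "s3:GetBucketPolicy", "s3:PutBucketPolicy"}
OBJECT_ACTIONS = {"s3:GetObject", "s3:PutObject", "s3:DeleteObject"}
ARN_PREFIX = "arn:aws:s3:::"


def as_list(value):
    """Policy fields may hold a single item or a list of items."""
    return list(value) if isinstance(value, (list, tuple)) else [value]


def resource_kinds(resource):
    """Return the resource kinds ("bucket", "object") an ARN pattern can match."""
    name = resource[len(ARN_PREFIX):] if resource.startswith(ARN_PREFIX) else resource
    if "/" in name:
        return {"object"}            # bucket/key pattern
    if "*" in name:
        return {"bucket", "object"}  # wildcard may span the "/" separator
    return {"bucket"}                # plain bucket name


def find_mismatches(policy):
    """Return (statement index, action) pairs where an allowed action has no
    resource of the kind it operates on, so the grant has no effect."""
    findings = []
    for index, stmt in enumerate(as_list(policy["Statement"])):
        if stmt.get("Effect") != "Allow":
            continue
        kinds = set()
        for resource in as_list(stmt.get("Resource", [])):
            kinds |= resource_kinds(resource)
        for action in as_list(stmt.get("Action", [])):
            needed = ("bucket" if action in BUCKET_ACTIONS
                      else "object" if action in OBJECT_ACTIONS else None)
            if needed and needed not in kinds:
                findings.append((index, action))
    return findings


def make_policy(resources):
    """Build a constructed read-only policy over the given resource ARNs."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Action": ["s3:GetObject", "s3:ListBucket"],
        "Resource": resources}]}


# Constructed samples; "example-bucket" is a placeholder name.
OBJECT_ONLY = make_policy(["arn:aws:s3:::example-bucket/*"])
BUCKET_AND_OBJECTS = make_policy(["arn:aws:s3:::example-bucket",
                                  "arn:aws:s3:::example-bucket/*"])
```

Wildcard actions such as `s3:*` are not classified by this sketch and pass through without a finding.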