-
Notifications
You must be signed in to change notification settings - Fork 127
Manipulating S3 Policies
Timothy Kay edited this page Nov 11, 2013
·
1 revision
You can manipulate policies with "aws". To demonstrate, first set a policy using the console and the Policy Generator. Then pull the policy:
aws get test683?policy
{"Version":"2008-10-17","Id":"Test Policy","Statement":[{"Sid":"1","Effect":"Deny","Principal":{"AWS":"*"},"Action":"s3:DeleteBucket","Resource":"arn:aws:s3:::test683"}]}$
(Note that the policy is displayed without a trailing \n, so the $ shell prompt shows up on the same line.)
Then edit the policy:
$ cat policy.json
{
"Version":"2008-10-17",
"Id":"Test Policy",
"Statement":[{
"Sid":"1",
"Effect":"Deny",
"Principal":{"AWS":"*"},
"Action":"s3:DeleteObject",
"Resource":"arn:aws:s3:::test683/*"
}]
}
$
and set the new policy:
$ aws put test683?policy <policy.json
$ aws get test683?policy
{"Version":"2008-10-17","Id":"Test Policy","Statement":[{"Sid":"1","Effect":"Deny","Principal":{"AWS":"*"},"Action":"s3::DeleteObject","Resource":"arn:aws:s3:::test683/*"}]}$