Hi shengxian_huang
Here are the links for your requirements. They should help you with what you are looking for. You may accept the answer if it helped so that I know.
Different ways to grant access:
https://aws.amazon.com/blogs/security/iam-policies-and-bucket-policies-and-acls-oh-my-controlling-access-to-s3-resources/#:~:text=IAM%20policies%20vs.&text=You%20attach%20IAM%20policies%20to,attached%20only%20to%20S3%20buckets.
Granting access to folders:
https://aws.amazon.com/blogs/security/writing-iam-policies-grant-access-to-user-specific-folders-in-an-amazon-s3-bucket/
https://aws.amazon.com/premiumsupport/knowledge-center/s3-folder-user-access/
https://aws.amazon.com/premiumsupport/knowledge-center/iam-s3-user-specific-folder/
Writing IAM policies:
https://aws.amazon.com/blogs/security/writing-iam-policies-how-to-grant-access-to-an-amazon-s3-bucket/
Policy generator:
https://awspolicygen.s3.amazonaws.com/policygen.html
You can check NirvaShare - https://nirvashare.com. With that, you can share file or folder level access to internal or external users with fine access control. It is also easy to integrate with AWS SSO users with a group, etc.
Not sure I understood what you meant by layer folders
It is the level one directory, level two directory, level three directory access and modify permission settings.
Create separate folders and use policies for each based on how you want permissions to different users. You can create user groups, assign users to those groups and then attach policies to user groups.
Because I used RaiDrive to connect to S3, the network drive disk was directly mapped to the root directory of S3 bucket, and I logged in with different IAM accounts on different computers. After all the data of the company was migrated to S3 bucket, I needed to check many folders (root directory, level 1 directory, level 2 directory) and assign permissions to different users or groups (add, delete, modify, search, etc.). I have tried IAM strategy, bucket strategy, access point, etc., and it doesn't seem to meet the demand, or do I not know how to do it?
Not sure where you are going wrong. You may have to figure out a way to achieve what you want to by experimenting or see if anyone else can throw more light on this.
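An added example, not part of the original thread: one way to build the per-folder policy discussed above, so that a group can browse down from the bucket root (as a mapped drive does) but only read or modify objects under its own folder. The bucket name `example-bucket`, the folder names and the helper `folder_policy` are constructed for illustration.

```python
import json

def folder_policy(bucket, prefix, writable=False):
    """Build an IAM policy document scoped to one folder (key prefix) of a bucket."""
    prefix = prefix.strip("/")
    if not prefix:
        raise ValueError("prefix must name a folder; an empty prefix is the whole bucket")
    parts = prefix.split("/")
    prefix += "/"
    # Levels above the folder that must be listable to navigate from the root:
    # "" (bucket root), "level1/", "level1/level2/", ...
    parents = [""] + ["/".join(parts[:i]) + "/" for i in range(1, len(parts))]
    bucket_arn = f"arn:aws:s3:::{bucket}"
    actions = ["s3:GetObject"]
    if writable:
        actions += ["s3:PutObject", "s3:DeleteObject"]
    return {
        "Version": "2012-10-17",
        "Statement": [
            {   # Shallow listing of parent levels only. The delimiter condition
                # stops recursive listing, but sibling folder NAMES at these
                # levels stay visible (their contents do not).
                "Sid": "ListParentLevels",
                "Effect": "Allow",
                "Action": "s3:ListBucket",
                "Resource": bucket_arn,
                "Condition": {"StringEquals": {"s3:prefix": parents,
                                               "s3:delimiter": ["/"]}},
            },
            {   # Full listing inside the user's own folder and below.
                "Sid": "ListOwnFolder",
                "Effect": "Allow",
                "Action": "s3:ListBucket",
                "Resource": bucket_arn,
                "Condition": {"StringLike": {"s3:prefix": [prefix + "*"]}},
            },
            {   # Object-level actions apply to object ARNs, not the bucket ARN.
                "Sid": "ObjectAccess",
                "Effect": "Allow",
                "Action": actions,
                "Resource": f"{bucket_arn}/{prefix}*",
            },
        ],
    }

if __name__ == "__main__":
    # Constructed sample: read-write access to a level-two folder.
    print(json.dumps(folder_policy("example-bucket", "finance/reports", True), indent=2))
```

Attach one generated policy per user group; a read-only group gets the same policy built with `writable=False`.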