I am working on a policy document that allows IAM users to name S3 in a specific “blog”, where they can create / edit / delete files, and change file permissions in a bucket for global reading, so uploaded files can be made public on the blog. Here is what I still have, the only problem is that the policy does not allow the user to change permissions.
How to update this policy to allow the user to change permissions for global read access?
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": ["s3:ListAllMyBuckets"],
"Resource": "arn:aws:s3:::*"
},
{
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:GetBucketLocation"
],
"Resource": "arn:aws:s3:::blog"
},
{
"Effect": "Allow",
"Action": [
"s3:PutObject",
"s3:GetObject",
"s3:DeleteObject"
],
"Resource": "arn:aws:s3:::blog/*"
}
]
}
thank
source
share