Today I came across a situation where I had to implement vooplayer along with an AWS S3 bucket for uploading videos to the S3 bucket. The issue is that, to integrate vooplayer, the IAM user needs S3 admin permissions, as vooplayer itself will create an S3 bucket during the integration, with a name starting with "vooplayerv4-". The problem with this is that the user has access to all the buckets and their contents. So, to restrict this user's access to only the bucket that belongs to him, I created a policy with the help of AWS support, and I am sharing it below:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "VisualEditor0",
      "Effect": "Allow",
      "Action": [
        "s3:*"
      ],
      "Resource": [
        "arn:aws:s3:::vooplayerv4-*",
        "arn:aws:s3:::vooplayerv4-*/*"
      ]
    },
    {
      "Sid": "VisualEditor1",
      "Effect": "Allow",
      "Action": [
        "s3:ListAllMyBuckets",
        "s3:HeadBucket",
        "s3:CreateBucket",
        "s3:GetBucketLocation"
      ],
      "Resource": "*"
    }
  ]
}
After creating this policy, I attached it to a user and integrated Vooplayer with the access key ID and secret access key of this user. This restricts viewing of bucket contents to only the bucket starting with "vooplayerv4-"; for the rest, it shows an access denied error.
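To see what the two statements in the policy above actually permit, here is an added example (not part of the original post, and not AWS's own evaluation logic) that checks sample requests against it with a simplified Allow-only matcher. The bucket and object names in the requests are constructed, and Deny statements, conditions and bucket policies are not modelled.

```python
from fnmatch import fnmatchcase

# The two statements from the policy above (Sid fields omitted).
POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["s3:*"],
         "Resource": ["arn:aws:s3:::vooplayerv4-*",
                      "arn:aws:s3:::vooplayerv4-*/*"]},
        {"Effect": "Allow",
         "Action": ["s3:ListAllMyBuckets", "s3:HeadBucket",
                    "s3:CreateBucket", "s3:GetBucketLocation"],
         "Resource": "*"},
    ],
}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def is_allowed(policy, action, resource):
    """Simplified model: allowed only if some Allow statement matches both
    the action and the resource ARN; everything else is an implicit deny."""
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Allow":
            continue  # the policy above has no Deny statements
        # Action names match case-insensitively; ARNs are case-sensitive.
        action_ok = any(fnmatchcase(action.lower(), a.lower())
                        for a in _as_list(stmt["Action"]))
        resource_ok = any(fnmatchcase(resource, r)
                          for r in _as_list(stmt["Resource"]))
        if action_ok and resource_ok:
            return True
    return False

# Constructed sample requests; bucket and object names are made up.
REQUESTS = [
    ("s3:PutObject", "arn:aws:s3:::vooplayerv4-demo/video.mp4"),
    ("s3:GetObject", "arn:aws:s3:::finance-reports/q1.pdf"),
    ("s3:ListBucket", "arn:aws:s3:::finance-reports"),
    ("s3:ListAllMyBuckets", "*"),
    ("s3:GetBucketLocation", "arn:aws:s3:::finance-reports"),
    ("s3:CreateBucket", "arn:aws:s3:::some-other-name"),
    ("s3:DeleteBucket", "arn:aws:s3:::finance-reports"),
]

def evaluate_all():
    return {(a, r): is_allowed(POLICY, a, r) for a, r in REQUESTS}

if __name__ == "__main__":
    for (action, resource), ok in evaluate_all().items():
        print(f"{'ALLOW' if ok else 'DENY ':5}  {action:24} {resource}")
```

In this model the user can still list every bucket name and create buckets under any name, because the second statement applies to `"Resource": "*"`; only the contents of buckets outside the "vooplayerv4-" prefix are denied.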
That is all,
Cheers.