Granting READ for AWS users using predefined groups from the CLI

We can grant READ to any AWS user using the AuthenticatedUsers predefined group by performing the following steps:

  1. If you followed along with the previous section, remove the List objects permission for the bucket that was granted to Everyone
  2. Create a policy that grants access to the AuthenticatedUsers group and save it as acl-grant-authenticated-users.json:
    {
        "Owner": {
            "DisplayName": "awsseccookbook",
            "ID": "5df5b6014ae606808dcb64208aa09e4f19931b3123456e152c4dfa52d38bf8fd"
        },
        "Grants": [
            {
                "Grantee": {
                    "Type": "Group",
                    "URI": "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"
                },
                "Permission": "READ"
            }
        ]
    }

Here, the Owner element has the current account's display name and canonical ID. The Grants element grants the READ permission to the AuthenticatedUsers group.

  3. Execute the put-bucket-acl command, providing the preceding policy document (the trailing backslashes continue the command across lines):
    aws s3api put-bucket-acl \
        --bucket awsseccookbook \
        --access-control-policy file://resources/acl-grant-authenticated-users.json \
        --profile awssecadmin
  4. The testuser user should now be able to list the contents of the S3 bucket. However, we won't be able to list the bucket contents from the browser, because the browser is not an authenticated AWS user.
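Because AuthenticatedUsers covers every AWS account holder, not only the users of your own account, it is worth checking ACL policy documents like the one above before applying them. The following audit function is an added example (not code from the book); it parses the access-control-policy JSON format used by put-bucket-acl and reports every grant made to the AllUsers (Everyone) or AuthenticatedUsers predefined groups. The sample document is the acl-grant-authenticated-users.json from the text, embedded inline.

```python
"""Audit an S3 access-control-policy document for grants to predefined groups."""
import json

# URIs of the S3 predefined groups (from the S3 ACL documentation).
ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
AUTHENTICATED_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"
GROUP_NAMES = {ALL_USERS: "Everyone", AUTHENTICATED_USERS: "AuthenticatedUsers"}

# Constructed sample input: the ACL policy document from the text above.
SAMPLE_ACL = """{
  "Owner": {
    "DisplayName": "awsseccookbook",
    "ID": "5df5b6014ae606808dcb64208aa09e4f19931b3123456e152c4dfa52d38bf8fd"
  },
  "Grants": [
    {
      "Grantee": {
        "Type": "Group",
        "URI": "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"
      },
      "Permission": "READ"
    }
  ]
}"""


def find_group_grants(acl_document):
    """Return [(group name, permission), ...] for each grant to Everyone or AuthenticatedUsers.

    acl_document is the policy as a JSON string or an already parsed dict.
    Grants to CanonicalUser or AmazonCustomerByEmail grantees and to other
    groups (for example LogDelivery) are not reported.
    """
    acl = json.loads(acl_document) if isinstance(acl_document, str) else acl_document
    findings = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") != "Group":
            continue
        name = GROUP_NAMES.get(grantee.get("URI", ""))
        if name is not None:
            findings.append((name, grant.get("Permission")))
    return findings


def is_broadly_accessible(acl_document):
    """True if the ACL grants any permission to Everyone or to all AWS account holders."""
    return bool(find_group_grants(acl_document))


if __name__ == "__main__":
    for group, permission in find_group_grants(SAMPLE_ACL):
        print(f"{permission} granted to predefined group {group}")
```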