Connect to only one S3 bucket without seeing other buckets in the AWS account

Private · September 14, 2022, 2:06am

Hello,
I have an AWS account with multiple buckets. One computer should not be allowed to access or ideally even see any other buckets.

Can I set up CloudBerry Backup access to a single S3 bucket and provide keys only to that bucket but not to the entire AWS account?

Can I set it up so that only one bucket is visible and no other buckets are visible, even their names?

If not possible, even if names of other buckets are visible, can i restrict access to only one bucket so that no contents of other buckets would be accessible (not even see the file names)

Thank you

gxvigo · November 24, 2023, 1:41am

Hi,
This IAM policy will allow CloudBerry to list all buckets and only access the

{
“Version”: “2012-10-17”,
“Statement”: [
{
“Effect”: “Allow”,
“Action”: [
“s3:GetObject”,
“s3:ListBucket”,
“s3:PutObject”,
“s3:Describe*”,
“s3:PutObjectAcl”,
“s3:AbortMultipartUpload”,
“s3:ListBucketMultipartUploads”,
“s3:ListMultipartUploadParts”,
“s3:RestoreObject”
],
“Resource”: [
“arn:aws:s3:::”,
“arn:aws:s3:::/"
]
},
{
“Effect”: “Allow”,
“Action”: [
“s3:ListAllMyBuckets”
],
“Resource”: [
"”
]
}
]
}

If you don’t want to list all buckets, remove the second json statement (ListAllMyBuckets)