
Minio s3:ListAllMyBucket bucket policy not working?


My objective is that userone's buckets should not be shown to other users:

s3:ListAllMyBucket Returns a list of all buckets owned by the authenticated sender of the request. To use this operation, you must have the s3:ListAllMyBuckets permission.

This is my policy

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:CreateBucket",
                "s3:ListAllMyBuckets"
            ],
            "Resource": [
                "arn:aws:s3:::*"
            ]
        }
    ]
}

s3:ListAllMyBuckets is not working and I don't know why. If I misunderstand something, please let me know.

This solution works, but I need to know why s3:ListAllMyBuckets is not working, or, if I misunderstand something, please let me know.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:*"
            ],
            "Resource": [
                "arn:aws:s3:::prefix*"
            ]
        }
    ]
}

Solution

  • So there's no concept of a 'bucket owner' in MinIO as there is in AWS S3. The s3:ListAllMyBuckets operation effectively grants access to the ListBuckets API operation.

    For what you want, there are a few patterns you can explore:

    • Using prefixes in a bucket per user and configuring the resource as "arn:aws:s3:::${aws:username}"

    • Creating a bucket per-user and creating a corresponding policy for that user only granting access to that bucket

    MinIO adopts S3's deny-by-default attitude, so as long as you explicitly state which resources a user has access to, the others will fall off on their own.
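The following is an added worked example, not code from the question, the answer or the MinIO project. It is a small, simplified policy evaluator that models the two points made above: deny-by-default evaluation with S3-style wildcards, and the per-user resource pattern "arn:aws:s3:::${aws:username}*". The bucket names, usernames and both policy documents are constructed for illustration. The listing model is an assumption: a user allowed s3:ListAllMyBuckets on the account-wide resource "arn:aws:s3:::*" sees every bucket, otherwise the listing is filtered to buckets on which s3:ListBucket is allowed. This is a teaching model of why the first policy exposes all buckets and the second does not, not MinIO's actual server code.

```python
import fnmatch

# Constructed policy 1: mirrors the question's first policy. Any user with it
# may call ListBuckets on the account-wide resource, so everything is listed.
POLICY_LIST_ALL = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": ["s3:CreateBucket", "s3:ListAllMyBuckets"],
            "Resource": ["arn:aws:s3:::*"],
        }
    ],
}

# Constructed policy 2: the answer's per-user pattern. ${aws:username} is
# substituted at evaluation time, so each user is scoped to their own prefix.
POLICY_PER_USER = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": ["s3:*"],
            "Resource": ["arn:aws:s3:::${aws:username}*"],
        }
    ],
}

# Account-wide resource used for the ListBuckets check (assumption of this model).
ACCOUNT_RESOURCE = "arn:aws:s3:::*"


def _as_list(value):
    """Policy fields may be a string or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def _matches(pattern, value):
    """S3 policies use '*' as a wildcard; fnmatchcase gives that semantics."""
    return fnmatch.fnmatchcase(value, pattern)


def is_allowed(policy, action, resource, username):
    """Deny-by-default evaluation: an explicit Deny wins, any matching Allow
    grants, and a request matching no statement at all is denied."""
    allowed = False
    for stmt in policy["Statement"]:
        action_hit = any(_matches(a, action) for a in _as_list(stmt["Action"]))
        resource_hit = any(
            _matches(r.replace("${aws:username}", username), resource)
            for r in _as_list(stmt["Resource"])
        )
        if action_hit and resource_hit:
            if stmt["Effect"] == "Deny":
                return False
            allowed = True
    return allowed


def visible_buckets(policy, username, all_buckets):
    """Model of ListBuckets (assumption, see lead-in): account-wide
    s3:ListAllMyBuckets shows everything; otherwise only buckets on which
    the user may s3:ListBucket are returned."""
    if is_allowed(policy, "s3:ListAllMyBuckets", ACCOUNT_RESOURCE, username):
        return list(all_buckets)
    return [
        b for b in all_buckets
        if is_allowed(policy, "s3:ListBucket", f"arn:aws:s3:::{b}", username)
    ]


if __name__ == "__main__":
    buckets = ["alice-data", "bob-data", "shared"]  # constructed sample buckets
    for name, policy in (("list-all", POLICY_LIST_ALL), ("per-user", POLICY_PER_USER)):
        for user in ("alice", "bob"):
            print(f"{name:8} {user:5} sees {visible_buckets(policy, user, buckets)}")
```

Running the script shows both users seeing all three buckets under the first policy, while under the second alice sees only alice-data and bob only bob-data. The same evaluator also confirms the cross-user object read is denied: is_allowed(POLICY_PER_USER, "s3:GetObject", "arn:aws:s3:::bob-data/file.txt", "alice") returns False because no statement matches once the username is substituted.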