I believe arn:aws:s3:::*/* will allow access to objects on any bucket the IAM user has access to. You should probably use arn:aws:s3:::NAME_OF_YOUR_BUCKET_GOES_HERE/* if you want to restrict access just to that bucket.
I've been a Ruby on Rails developer for over 10 years and am currently developing a comprehensive Ruby on Rails course to help you integrate Stripe into your app 💎🛤💰
I was leaning on the S3 policy builder for feedback and misinterpreted its recommendation. Always learning 😁 thanks for the catch. I've updated the post to reflect this.
Note that the s3:ListBucket permission still needs to be on the bucket resource, i.e. arn:aws:s3:::NAME_OF_YOUR_BUCKET_GOES_HERE. This permission allows you to list objects in the bucket, which is needed for ActiveStorage's #delete_prefixed.
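The two points raised in this thread (object actions belong on the bucket/* ARN, s3:ListBucket belongs on the bucket ARN itself, and arn:aws:s3:::*/* is not scoped to one bucket at all) as a worked example. This is added illustration, not code from the post or from ActiveStorage; the bucket name is the post's placeholder, the object-level action set (GetObject/PutObject/DeleteObject) is an assumed minimal set, and lint_s3_policy is a hypothetical helper written for this example:

```ruby
require "json"

# Placeholder bucket name from the post; substitute your own.
BUCKET = "NAME_OF_YOUR_BUCKET_GOES_HERE".freeze

# Assumed minimal object-level actions an ActiveStorage S3 service performs.
OBJECT_ACTIONS = %w[s3:GetObject s3:PutObject s3:DeleteObject].freeze

# Least-privilege policy: object actions scoped to objects in this bucket,
# s3:ListBucket scoped to the bucket resource (needed for #delete_prefixed).
def active_storage_policy(bucket)
  {
    "Version" => "2012-10-17",
    "Statement" => [
      { "Sid" => "ObjectAccess", "Effect" => "Allow",
        "Action" => OBJECT_ACTIONS,
        "Resource" => "arn:aws:s3:::#{bucket}/*" },
      { "Sid" => "ListBucket", "Effect" => "Allow",
        "Action" => "s3:ListBucket",
        "Resource" => "arn:aws:s3:::#{bucket}" }
    ]
  }
end

# Constructed "before" policy in the shape the thread corrects: every action,
# including ListBucket, on the wildcard object ARN arn:aws:s3:::*/*.
OVERLY_BROAD_POLICY = {
  "Version" => "2012-10-17",
  "Statement" => [
    { "Sid" => "Everything", "Effect" => "Allow",
      "Action" => OBJECT_ACTIONS + ["s3:ListBucket"],
      "Resource" => "arn:aws:s3:::*/*" }
  ]
}.freeze

# Hypothetical linter: returns an array of findings (empty when the policy is
# scoped to `bucket` and each action targets the right resource level).
def lint_s3_policy(policy, bucket)
  findings = []
  Array(policy["Statement"]).each do |stmt|
    next unless stmt["Effect"] == "Allow"

    sid     = stmt["Sid"] || "(no Sid)"
    actions = Array(stmt["Action"])
    all_s3  = actions.include?("s3:*")
    lists   = all_s3 || actions.include?("s3:ListBucket")
    touches_objects = all_s3 || (actions & OBJECT_ACTIONS).any?

    Array(stmt["Resource"]).each do |res|
      # The ARN must name this bucket exactly, optionally followed by an object key.
      scoped = res.match?(/\Aarn:aws:s3:::#{Regexp.escape(bucket)}(\/|\z)/)
      findings << "#{sid}: #{res} is not scoped to bucket #{bucket}" unless scoped

      # s3:ListBucket is a bucket-level action; on an object ARN it never matches.
      if lists && res.include?("/")
        findings << "#{sid}: s3:ListBucket must target arn:aws:s3:::#{bucket}, not #{res}"
      end

      # Object-level actions only match object ARNs (bucket/* or a key path).
      if touches_objects && !res.end_with?("/*")
        findings << "#{sid}: object actions need an object ARN such as #{res}/*"
      end
    end
  end
  findings
end

if __FILE__ == $PROGRAM_NAME
  puts JSON.pretty_generate(active_storage_policy(BUCKET))
  lint_s3_policy(OVERLY_BROAD_POLICY, BUCKET).each { |f| puts "finding: #{f}" }
end
```

Running the linter over OVERLY_BROAD_POLICY reports two findings: the resource is not scoped to the bucket, and s3:ListBucket sits on an object ARN; the policy built by active_storage_policy reports none.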
I've been a Ruby on Rails developer for over 10 years and am currently developing a comprehensive Ruby on Rails course to help you integrate Stripe into your app 💎🛤💰
Ahh - that must be what was causing my validation warning in the editor! How does this look?