Adding a bucket policy by using the Amazon S3 console
You can use the AWS Policy Generator
Make sure to resolve security warnings, errors, general warnings, and suggestions from AWS Identity and Access Management Access Analyzer before you save your policy. IAM Access Analyzer runs policy checks to validate your policy against IAM policy grammar and best practices. These checks generate findings and provide actionable recommendations to help you author policies that are functional and conform to security best practices. To learn more about validating policies by using IAM Access Analyzer, see IAM Access Analyzer policy validation in the IAM User Guide. To view a list of the warnings, errors, and suggestions that are returned by IAM Access Analyzer, see IAM Access Analyzer policy check reference.
For guidance on troubleshooting errors with a policy, see Troubleshoot access denied (403 Forbidden) errors in Amazon S3.
To create or edit a bucket policy
- Sign in to the AWS Management Console and open the Amazon S3 console at https://console.aws.amazon.com/s3/.
- In the left navigation pane, choose Buckets.
- In the Buckets list, choose the name of the bucket that you want to create a bucket policy for or whose bucket policy you want to edit.
- Choose the Permissions tab.
- Under Bucket policy, choose Edit. The Edit bucket policy page appears.
- On the Edit bucket policy page, do one of the following:
  - To see examples of bucket policies, choose Policy examples. Or see Examples of Amazon S3 bucket policies in the Amazon S3 User Guide.
  - To generate a policy automatically, or edit the JSON in the Policy section, choose Policy generator.
    If you choose Policy generator, the AWS Policy Generator opens in a new window.
    - On the AWS Policy Generator page, for Select Type of Policy, choose S3 Bucket Policy.
    - Add a statement by entering the information in the provided fields, and then choose Add Statement. Repeat this step for as many statements as you would like to add. For more information about these fields, see the IAM JSON policy elements reference in the IAM User Guide.
      Note
      For your convenience, the Edit bucket policy page displays the Bucket ARN (Amazon Resource Name) of the current bucket above the Policy text field. You can copy this ARN for use in the statements on the AWS Policy Generator page.
    - After you finish adding statements, choose Generate Policy.
    - Copy the generated policy text, choose Close, and return to the Edit bucket policy page in the Amazon S3 console.
- In the Policy box, edit the existing policy or paste the bucket policy from the AWS Policy Generator. Make sure to resolve security warnings, errors, general warnings, and suggestions before you save your policy.
  Note
  Bucket policies are limited to 20 KB in size.
- (Optional) Choose Preview external access in the lower-right corner to preview how your new policy affects public and cross-account access to your resource. Before you save your policy, you can check whether it introduces new IAM Access Analyzer findings or resolves existing findings. If you don’t see an active analyzer, choose Go to Access Analyzer to create an account analyzer in IAM Access Analyzer. For more information, see Preview access in the IAM User Guide.
- Choose Save changes, which returns you to the Permissions tab.
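
A local pre-check to run on policy JSON before pasting it into the Policy box, as an added example that is not AWS code and does not replace the IAM Access Analyzer checks: it tests the 20 KB limit, that every Resource belongs to the bucket whose ARN the console displays, and flags Allow statements open to any principal. The function names, the reading of 20 KB as 20 * 1024 bytes, and the sample policy are assumptions constructed for illustration.

```python
import json

MAX_POLICY_BYTES = 20 * 1024  # assumption: the page's "20 KB" taken as 20 * 1024 bytes

def as_list(value):
    """Policy elements may be one value or a list; normalize to a list."""
    return value if isinstance(value, list) else [value]

def is_wildcard_principal(principal):
    """True for "Principal": "*" or {"AWS": "*"}, i.e. anyone."""
    if isinstance(principal, dict):
        principal = principal.get("AWS", [])
    return "*" in as_list(principal)

def precheck_bucket_policy(policy_text, bucket_arn):
    """Return findings: size, JSON validity, foreign resources, open Allow."""
    findings = []
    if len(policy_text.encode("utf-8")) > MAX_POLICY_BYTES:
        findings.append("policy exceeds the 20 KB size limit")
    try:
        policy = json.loads(policy_text)
    except json.JSONDecodeError as exc:
        return findings + [f"invalid JSON: {exc.msg}"]
    if not isinstance(policy, dict):
        return findings + ["policy is not a JSON object"]
    for i, stmt in enumerate(as_list(policy.get("Statement", []))):
        sid = stmt.get("Sid", f"statement[{i}]")
        for res in as_list(stmt.get("Resource", [])):
            if res != bucket_arn and not res.startswith(bucket_arn + "/"):
                findings.append(f"{sid}: resource {res} is outside {bucket_arn}")
        if (stmt.get("Effect") == "Allow" and not stmt.get("Condition")
                and is_wildcard_principal(stmt.get("Principal"))):
            findings.append(f"{sid}: Allow to any principal with no Condition")
    return findings

# Constructed sample input: bucket name, account ID and statements are made up.
BUCKET_ARN = "arn:aws:s3:::amzn-s3-demo-bucket"
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
         "Action": "s3:GetObject", "Resource": BUCKET_ARN + "/*"},
        {"Sid": "WrongBucket", "Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
         "Action": "s3:ListBucket", "Resource": "arn:aws:s3:::other-bucket"},
    ],
})

if __name__ == "__main__":
    print("\n".join(precheck_bucket_policy(SAMPLE_POLICY, BUCKET_ARN)))
```

A finding for an open Allow statement is a prompt to confirm the exposure is intended, which the Preview external access step then verifies against the account's analyzer.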