Limit AWS S3 Bucket to only Lambda access

Problem:

I am using an AWS S3 bucket to hold configuration files for Java AWS Lambdas. How do I configure the bucket to only allow access to any lambda function and nothing else?



Solution:

You need to add an S3 bucket policy for account 123456789012 in region us-east-1:

   {
     "Id": "Policy1498253351771",
     "Version": "2012-10-17",
     "Statement": [
        {
           "Sid": "Stmt1498253327847",
           "Action": [
                        "s3:GetObject",
                        "s3:PutObject"
                     ],
           "Effect": "Allow",
           "Resource": "arn:aws:s3:::<bucket_name>/<prefix>/*",
           "Principal": {
           "AWS": [
                 "arn:aws:iam::123456789012:role/<lambda_execution_role>"
                ]
           }
        }
    ]
 }

Above is a general policy for all lambda functions.

If you need to generate a more granular policy as per your use case, you can try the AWS Policy Generator.

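Two points a practitioner will hit when applying the answer above. First, S3 rejects a Lambda function ARN (or any wildcarded ARN) in `Principal`; a bucket policy can only name IAM identities, accounts, services, or `*`, so the grant has to name the execution role the function runs under. Second, an `Allow` on its own does not make the bucket "Lambda only": any other principal in the same account whose identity policy grants `s3:*` still gets in, which takes an explicit `Deny` for everyone except the exempted roles. The following is an added example, not code from the original post or from AWS: it builds such a policy and then checks sample requests against a simplified evaluator (explicit Deny beats Allow, Allow from either the bucket or the identity policy, otherwise implicit deny), modelling the same-account case. The account ID, bucket name, prefix and role names are placeholders.

```python
"""Added example: a bucket policy that grants a Lambda execution role access to a
config prefix and denies everyone else, plus a small evaluator to show the effect.
All ARNs below are hypothetical placeholders."""
import fnmatch
import json

ACCOUNT_ID = "123456789012"
BUCKET = "example-lambda-config"                                  # hypothetical
PREFIX = "config/"
LAMBDA_ROLE_ARN = f"arn:aws:iam::{ACCOUNT_ID}:role/lambda-config-reader"  # hypothetical
ADMIN_ROLE_ARN = f"arn:aws:iam::{ACCOUNT_ID}:role/ops-admin"              # hypothetical


def build_policy(bucket, prefix, lambda_role_arns, exempt_arns=(), deny_others=True):
    """Allow the Lambda execution role(s) on the prefix; optionally deny all other
    principals. exempt_arns keeps an operator role out of the Deny so the bucket
    policy itself can still be changed without falling back to the account root."""
    allowed = list(lambda_role_arns) + list(exempt_arns)
    statements = [{
        "Sid": "AllowLambdaExecutionRole",
        "Effect": "Allow",
        "Principal": {"AWS": list(lambda_role_arns)},
        "Action": ["s3:GetObject", "s3:PutObject"],
        "Resource": f"arn:aws:s3:::{bucket}/{prefix}*",
    }]
    if deny_others:
        statements.append({
            "Sid": "DenyEveryoneElse",
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:*",
            "Resource": [f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"],
            # For an assumed-role session aws:PrincipalArn is the role ARN itself,
            # so listing role ARNs here covers every Lambda invocation of that role.
            "Condition": {"StringNotLike": {"aws:PrincipalArn": allowed}},
        })
    return {"Version": "2012-10-17", "Statement": statements}


def _matches(pattern, value):
    """IAM-style wildcard match (* and ?) against a string or list of patterns."""
    patterns = pattern if isinstance(pattern, list) else [pattern]
    return any(fnmatch.fnmatchcase(value, p) for p in patterns)


def _principal_matches(principal, arn):
    if principal == "*":
        return True
    return _matches(principal.get("AWS", []), arn)


def _condition_holds(condition, ctx):
    for op, pairs in condition.items():
        for key, patterns in pairs.items():
            hit = _matches(patterns, ctx.get(key, ""))
            if (op == "StringLike" and not hit) or (op == "StringNotLike" and hit):
                return False
    return True


def evaluate(policy, principal_arn, action, resource, identity_allows=False):
    """Simplified same-account evaluation: any matching Deny wins; otherwise an
    Allow from the bucket policy or from the caller's identity policy suffices."""
    ctx = {"aws:PrincipalArn": principal_arn}
    allowed = identity_allows
    for st in policy["Statement"]:
        if not (_principal_matches(st["Principal"], principal_arn)
                and _matches(st["Action"], action)
                and _matches(st["Resource"], resource)
                and _condition_holds(st.get("Condition", {}), ctx)):
            continue
        if st["Effect"] == "Deny":
            return False
        allowed = True
    return allowed


if __name__ == "__main__":
    policy = build_policy(BUCKET, PREFIX, [LAMBDA_ROLE_ARN], [ADMIN_ROLE_ARN])
    print(json.dumps(policy, indent=2))
    obj = f"arn:aws:s3:::{BUCKET}/{PREFIX}app.json"
    dev = f"arn:aws:iam::{ACCOUNT_ID}:role/developer"
    print("lambda read:", evaluate(policy, LAMBDA_ROLE_ARN, "s3:GetObject", obj))
    print("developer with s3:* identity policy:",
          evaluate(policy, dev, "s3:GetObject", obj, identity_allows=True))
```

Apply the generated document with `aws s3api put-bucket-policy --bucket <bucket> --policy file://policy.json`. The Deny is what turns "Lambda can read" into "only Lambda can read"; without it, the developer role above would be admitted by its own identity policy. Keep an operator role in `exempt_arns`, because a Deny that matches every principal except a role that later gets deleted leaves only the account root able to undo it.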