Limit AWS S3 Bucket to only Lambda access
Problem:
I am using an AWS S3 bucket to hold configuration files for Java AWS Lambdas. How do I configure the bucket to only allow access to any lambda function and nothing else?
Solution:
You need to add an S3 bucket policy for account 123456789012 in region us-east-1:
{
    "Id": "Policy1498253351771",
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "Stmt1498253327847",
            "Action": [
                "s3:GetObject",
                "s3:PutObject"
            ],
            "Effect": "Allow",
            "Resource": "arn:aws:s3:::<bucket_name>/<prefix>",
            "Principal": {
                "AWS": [
                    "arn:aws:lambda:us-east-1:123456789012:function:*"
                ]
            }
        }
    ]
}
Above is a general policy for all Lambda functions.
If you need to generate a more granular policy for your use case, you can try the AWS Policy Generator.
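An added example, not part of the original answer: a Lambda function calls S3 with the credentials of its IAM execution role, so this Python helper builds the bucket policy around role ARNs, rejects anything that is not an IAM role ARN, and adds an explicit deny for every other principal. The bucket name, prefix and role name are constructed placeholders, and the deny statement also locks out administrators whose role is not in the list.

```python
import json
import re

# IAM role ARN, e.g. arn:aws:iam::123456789012:role/config-reader-role (constructed name)
ROLE_ARN = re.compile(r"arn:aws:iam::\d{12}:role/[\w+=,.@/-]+")
ACTIONS = ["s3:GetObject", "s3:PutObject"]  # same actions as the policy above


def lambda_only_bucket_policy(bucket, prefix, role_arns):
    """Allow only the listed Lambda execution roles on bucket/prefix/*,
    and explicitly deny the same actions to every other principal."""
    roles = sorted(set(role_arns))
    bad = [arn for arn in roles if not ROLE_ARN.fullmatch(arn)]
    if not roles or bad:
        raise ValueError(f"expected IAM role ARNs, rejected: {bad}")
    key = prefix.strip("/")
    objects = f"arn:aws:s3:::{bucket}/{key + '/' if key else ''}*"
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "AllowLambdaExecutionRoles",
                "Effect": "Allow",
                "Principal": {"AWS": roles},
                "Action": ACTIONS,
                "Resource": objects,
            },
            {
                # An explicit deny overrides any allow granted elsewhere.
                "Sid": "DenyEveryoneElse",
                "Effect": "Deny",
                "Principal": "*",
                "Action": ACTIONS,
                "Resource": objects,
                "Condition": {"ArnNotEquals": {"aws:PrincipalArn": roles}},
            },
        ],
    }


if __name__ == "__main__":
    # Constructed sample values, not taken from the page.
    policy = lambda_only_bucket_policy(
        "example-config-bucket", "lambda-config",
        ["arn:aws:iam::123456789012:role/config-reader-role"],
    )
    print(json.dumps(policy, indent=2))
```

For an assumed-role session, `aws:PrincipalArn` resolves to the role ARN, which is why the deny condition compares against the same list used in the allow statement.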