Session policy example
Use the following example to build a StorageGRID session policy.
Example: Set up a session policy that allows object retrieval
In this example, the session's principal is only allowed to retrieve objects from bucket1. All other actions are implicitly denied, except for StorageGRID-specific actions, such as using the s3:PutOverwriteObject permission. The session policy can be provided as a JSON file while calling the AssumeRole API.
{
  "Statement": [
    {
      "Action": "s3:GetObject",
      "Effect": "Allow",
      "Resource": "arn:aws:s3:::bucket1/*"
    }
  ]
}
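
The following added example (not part of the StorageGRID documentation or product code) is a pre-flight check you can run on a session policy file before passing it to AssumeRole: it evaluates sample requests against the policy above and reports which are allowed and which fall through to the implicit deny. It is a simplified model that assumes only Action, Effect and Resource with `*` and `?` wildcards; it does not model the role's own policy, conditions, or the StorageGRID-specific actions the text mentions. The function names and sample requests are hypothetical.

```python
import json
import re

# The session policy from this page, embedded so the example runs offline.
SESSION_POLICY = json.loads("""
{
  "Statement": [
    {"Action": "s3:GetObject", "Effect": "Allow",
     "Resource": "arn:aws:s3:::bucket1/*"}
  ]
}
""")


def _as_list(value):
    # Action and Resource may each be a single string or a list of strings.
    return value if isinstance(value, list) else [value]


def _matches(pattern, value):
    # Policy wildcards: '*' is any run of characters, '?' is exactly one.
    regex = "".join(
        ".*" if ch == "*" else "." if ch == "?" else re.escape(ch)
        for ch in pattern
    )
    return re.fullmatch(regex, value, re.DOTALL) is not None


def evaluate(policy, action, resource):
    """Return 'Allow', 'Deny' (explicit) or 'ImplicitDeny' for one request."""
    decision = "ImplicitDeny"  # nothing matched yet
    for stmt in policy.get("Statement", []):
        hit_action = any(_matches(a, action) for a in _as_list(stmt["Action"]))
        hit_resource = any(_matches(r, resource) for r in _as_list(stmt["Resource"]))
        if hit_action and hit_resource:
            if stmt["Effect"] == "Deny":
                return "Deny"  # an explicit deny always wins
            decision = "Allow"
    return decision


if __name__ == "__main__":
    # Constructed sample requests: (action, resource ARN).
    for action, arn in [
        ("s3:GetObject", "arn:aws:s3:::bucket1/reports/q1.csv"),
        ("s3:PutObject", "arn:aws:s3:::bucket1/reports/q1.csv"),
        ("s3:GetObject", "arn:aws:s3:::bucket10/reports/q1.csv"),
        ("s3:ListBucket", "arn:aws:s3:::bucket1"),
    ]:
        print(f"{evaluate(SESSION_POLICY, action, arn):12} {action} {arn}")
```

Only the first sample request is allowed; note that `bucket10` does not match because the resource pattern includes the `/` after `bucket1`, and that listing the bucket itself is not covered by an object-level resource.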