Session policy example

Contributors netapp-maireadn

Use the following example to build a StorageGRID session policy.

Example: Set up a session policy that allows object retrieval

In this example, the session's principal is only allowed to retrieve objects from bucket1. All other actions are implicitly denied, except for StorageGRID-specific actions, such as using the s3:PutOverwriteObject permission. The session policy can be provided as a JSON file when calling the AssumeRole API.

{
  "Statement": [
    {
      "Action": "s3:GetObject",
      "Effect": "Allow",
      "Resource": "arn:aws:s3:::bucket1/*"
    }
  ]
}
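
A pre-flight check for a session policy file before it is passed to AssumeRole, as an added example that is not part of the original page or of StorageGRID. It only inspects the JSON; the function name, the allowed-action set and the over-broad sample policy are assumptions made for illustration.

```python
import json

# Session policy from this page, embedded so the check runs offline.
PAGE_POLICY = json.loads("""
{"Statement": [{"Action": "s3:GetObject", "Effect": "Allow",
                "Resource": "arn:aws:s3:::bucket1/*"}]}
""")

# Constructed over-broad policy, used only to show what gets flagged.
BROAD_POLICY = {"Statement": [
    {"Effect": "Allow", "Action": ["s3:GetObject", "s3:*"],
     "Resource": ["arn:aws:s3:::bucket1/*", "arn:aws:s3:::*"]},
    {"Effect": "Deny", "Action": "s3:DeleteObject", "Resource": "*"},
]}


def _as_list(value):
    """Policy fields may hold one value or a list of values."""
    if value is None:
        return []
    return list(value) if isinstance(value, list) else [value]


def audit_session_policy(policy, allowed_actions, bucket):
    """Return findings for Allow statements broader than the reviewer expects.

    allowed_actions and bucket are the reviewer's expectations (assumptions of
    this example); nothing is read from or sent to StorageGRID.
    """
    findings = []
    prefix = f"arn:aws:s3:::{bucket}/"
    for i, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only narrow the session further
        for key in ("NotAction", "NotResource"):
            if key in stmt:
                findings.append(f"statement {i}: {key} allows everything not listed")
        actions = _as_list(stmt.get("Action"))
        if not actions and "NotAction" not in stmt:
            findings.append(f"statement {i}: Allow without Action")
        for action in actions:
            if action not in allowed_actions:
                findings.append(f"statement {i}: unexpected action {action}")
        for resource in _as_list(stmt.get("Resource")):
            if not resource.startswith(prefix):
                findings.append(f"statement {i}: resource outside {bucket}: {resource}")
    return findings


if __name__ == "__main__":
    for name, pol in (("page", PAGE_POLICY), ("broad", BROAD_POLICY)):
        print(name, audit_session_policy(pol, {"s3:GetObject"}, "bucket1") or "ok")
```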