Session policy example
Contributors
Suggest changes
PDFs
Use the following example to build a StorageGRID session policy.
Example: Set up a session policy that allows object retrieval
In this example, the session's principal is only allowed to retrieve objects from bucket1. All other actions are implicitly denied, except for StorageGRID-specific actions, such as using the s3:PutOverwriteObject permission. The session policy can be provided as a JSON file while calling the AssumeRole API.
{
"Statement": [
{
"Action": "s3:GetObject",
"Effect": "Allow",
"Resource": "arn:aws:s3:::bucket1/*"
}
]
}