Friday, August 18, 2017

AWS S3 Bucket access policy

AWS ELB Access log S3 bucket policy

In the Principal below, 127311923021 is the AWS load balancer account ID. Replace "S3 Bucket Name", "foldername" and "AWS Your Account ID" with your own values.

{
    "Version": "2012-10-17",
    "Id": "AWSConsole-AccessLogs-Policy-1503036723495",
    "Statement": [
        {
            "Sid": "AWSConsoleStmt-1503036723495",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::127311923021:root"
            },
            "Action": "s3:PutObject",
            "Resource": [
                "arn:aws:s3:::S3 Bucket Name/foldername/AWSLogs/AWS Your Account ID/*"
            ]
        }
    ]
}

http://docs.aws.amazon.com/elasticloadbalancing/latest/classic/enable-access-logs.html





AWS S3 bucket public read-only access policy

{
    "Version": "2008-10-17",
    "Id": "Policy1380877762691",
    "Statement": [
        {
            "Sid": "Stmt1380877761162",
            "Effect": "Allow",
            "Principal": {
                "AWS": "*"
            },
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::Bucketname/*"
        }
    ]
}


S3 Bucket copy from one account to another policy

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "AWS": [
                    "arn:aws:iam::remote aws account number:root",
                    "arn:aws:iam::working aws account number:user/aws user"
                ]
            },
            "Action": "s3:*",
            "Resource": [
                "arn:aws:s3:::Bucketname",
                "arn:aws:s3:::Bucketname/*"
            ]
        }
    ]
}
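
As an added example (not part of the original post), this Python check flags the risky patterns in policies shaped like the three above: a public principal, a wildcard action, and an account :root principal outside an allow-list. The function names, finding labels, bucket name and the account IDs 111111111111 and 222222222222 are assumptions made up for the illustration.

```python
import json

def _listify(value):
    """Policy fields may be a single string or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]

def _principals(stmt):
    """Flatten "Principal": "*" or {"AWS": ...} into a list of strings."""
    principal = stmt.get("Principal", {})
    if isinstance(principal, str):
        return [principal]
    return [p for value in principal.values() for p in _listify(value)]

def audit_bucket_policy(policy_json, trusted_accounts=()):
    """Return sorted findings for the Allow statements of one bucket policy."""
    findings = set()
    for stmt in _listify(json.loads(policy_json)["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        principals = _principals(stmt)
        # Simplification: any Condition is assumed to narrow a "*" principal.
        if "*" in principals and not stmt.get("Condition"):
            findings.add("public-principal")
        # s3:* grants every S3 action, including deletes, not just a copy's needs.
        if any(a in ("*", "s3:*") for a in _listify(stmt.get("Action", []))):
            findings.add("wildcard-action")
        # A :root principal delegates to whoever that account's admins authorise.
        for arn in principals:
            parts = arn.split(":")
            if len(parts) == 6 and parts[5] == "root" and parts[4] not in trusted_accounts:
                findings.add("untrusted-account-root:" + parts[4])
    return sorted(findings)

# Constructed policies shaped like the three on this page; the bucket name and
# the IDs 111111111111 / 222222222222 are placeholders, not real accounts.
ELB_ID = "127311923021"
def _policy(principal, action, resources):
    return json.dumps({"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow", "Principal": principal,
        "Action": action, "Resource": resources}]})
ELB_LOGS = _policy({"AWS": f"arn:aws:iam::{ELB_ID}:root"}, "s3:PutObject",
                   ["arn:aws:s3:::example-bucket/elb/AWSLogs/222222222222/*"])
PUBLIC_READ = _policy({"AWS": "*"}, "s3:GetObject", ["arn:aws:s3:::example-bucket/*"])
CROSS_COPY = _policy({"AWS": ["arn:aws:iam::111111111111:root",
                              "arn:aws:iam::222222222222:user/copier"]}, "s3:*",
                     ["arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/*"])

if __name__ == "__main__":
    for name, doc in [("elb", ELB_LOGS), ("public", PUBLIC_READ), ("copy", CROSS_COPY)]:
        print(name, audit_bucket_policy(doc, trusted_accounts={ELB_ID}))
```

Run against the exported bucket policy JSON before applying it; an empty list means none of these three patterns matched, not that the policy is safe.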

1 comments:

likitha said...

Simply superb, mind-blowing. I will share your blog with my friends also.