Clive Portman: code

Amazon S3 user permissions for Craft CMS

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:ListAllMyBuckets",
                "s3:PutObject",
                "s3:PutObjectAcl"
            ],
            "Resource": "arn:aws:s3:::*"
        },
        {
            "Effect": "Allow",
            "Action": "s3:*",
            "Resource": "arn:aws:s3:::bucketname"
        }
    ]
}

This prevents other buckets from being listed in the backend. I had to add PutObject and PutObjectAcl to get things working or the file upload would just hang with the error:

S3: Error: S3::putObject(): [AccessDenied] Access Denied

Finally, if you want the images to show up on the front-end, you need to add a bucket policy:

{
    "Id": "PolicyXXXXXXXXXXXXXXX",
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "XXXXXXXXXXXXXXXX",
            "Action": [
                "s3:GetObject"
            ],
            "Effect": "Allow",
            "Resource": "arn:aws:s3:::bucketname/*",
            "Principal": "*"
        }
    ]
}