Create AWS access key that only allow s3

Question

I want to create an AWS access key that only allow s3. That means the key can't be used with any other service. Is it possible? How?

Answer 1

Is it possible ??

Yes. You can use AWS Identity and Access Management (IAM)

Ideally you should never give your admin/main account credentials for anything other than creating different IAM.

So create different users with needed securities, and create access keys for them and use it.

HOW ??

You can directly create from AWS Console IAM

 {
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": ["s3:ListAllMyBuckets"],
      "Resource": "arn:aws:s3:::*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:ListBucket",
        "s3:GetBucketLocation"
      ],
      "Resource": "arn:aws:s3:::bucket-name"
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:PutObject",
        "s3:GetObject",
        "s3:DeleteObject"
      ],
      "Resource": "arn:aws:s3:::bucket-name/*"
    }
  ]
}

or if you S3Browser please follow this

Answer 2

Yes, create an IAM user in the aws console and then assign it a policy like this:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Stmt1397557252000",
      "Effect": "Allow",
      "Action": [
        "s3:*"
      ],
      "Resource": [
        "arn:aws:s3:::*"
      ]
    }
  ]
}