How to Restrict Bucket Access by User in the Impossible Cloud Storage Console
This guide shows how to configure an IAM user in the Impossible Cloud Storage Console so that the user can access only a specific bucket. You will learn how to create permissions using inline policies and generate an access key scoped to that bucket.
Overview
Impossible Cloud Storage is an S3-compatible storage service that supports industry-ready Identity and Access Management (IAM) features. These features enable root users to manage access and permissions for different IAM users in the Impossible Cloud Storage Console (ICSC) using users, policies, and groups.
To access resources, each IAM user must be assigned a policy—either directly via inline policies or through group assignments. Access keys created for a user will inherit that user’s permissions.
This guide explains how to assign a policy directly to an IAM user to give access to a specific bucket. We will use an inline policy and generate an access key with matching permissions using the Impossible Cloud Storage Console (ICSC).
Step-By-Step Process
1. Create a New IAM User:
- Visit the user management page: https://console.impossiblecloud.com/users.
- Click on Add User and follow the instructions to create a new user.
2. Create an Inline Policy for the User:
- After the user has been created, click on the newly created user under the Users tab.
- Navigate to the Inline-Policies tab and click on Create New Policy.
- Define the policy to grant the user access to a specific bucket.
- Here is a simple example of such a policy that grants full access to a bucket named 'your-bucket':
    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Action": "s3:*",
          "Resource": [
            "arn:aws:s3:::your-bucket",
            "arn:aws:s3:::your-bucket/*"
          ]
        }
      ]
    }
Notes:
- "Action": "s3:*" allows all S3 actions.
- The Resource lines specify the bucket itself and all objects within it.
- To grant access to a different bucket, replace your-bucket with the name of the desired bucket.
- For more fine-grained permissions, you can modify the Action list to allow only specific actions such as s3:ListBucket for listing objects or s3:GetObject for downloading objects.
- Assigning an inline policy can also be done using the AWS CLI.
Tip: When creating your own policy, always validate the policy JSON with an online JSON validator to catch formatting errors.
3. Add Access Key:
- Go to the Access Keys tab of the IAM user you created and click on Add access key.
- The access key will inherit the permissions defined in the inline policy.
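A JSON validator only catches syntax errors; it does not tell you whether the policy from step 2 is actually confined to one bucket. The following is an added example, not part of the original guide or of Impossible Cloud's tooling: a local check that parses the policy and flags Allow statements that reach outside the intended bucket or use wildcard actions. The function name `lint_bucket_policy` is hypothetical, and the checks are textual, assuming the `arn:aws:s3:::` resource format shown above.

```python
import json

def _as_list(value):
    """IAM policy fields may be a single string or a list of strings."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def lint_bucket_policy(policy_text, bucket):
    """Return findings for an inline policy meant to grant access to one bucket only."""
    try:
        policy = json.loads(policy_text)
    except json.JSONDecodeError as exc:
        return [f"ERROR: invalid JSON ({exc.msg}, line {exc.lineno})"]
    if not isinstance(policy, dict):
        return ["ERROR: policy must be a JSON object"]
    bucket_arn = f"arn:aws:s3:::{bucket}"
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement"))):
        if not isinstance(stmt, dict) or stmt.get("Effect") != "Allow":
            continue  # only Allow statements can widen access
        if "NotResource" in stmt or "NotAction" in stmt:
            findings.append(f"ERROR: statement {i}: NotResource/NotAction with Allow matches everything not listed")
        resources = _as_list(stmt.get("Resource"))
        if not resources and "NotResource" not in stmt:
            findings.append(f"ERROR: statement {i}: no Resource element")
        for res in resources:
            # In scope: the bucket itself or keys under it. "your-bucket*" is not.
            if res != bucket_arn and not res.startswith(bucket_arn + "/"):
                findings.append(f"ERROR: statement {i}: resource {res!r} is outside bucket {bucket!r}")
        for action in _as_list(stmt.get("Action")):
            if action in ("*", "s3:*"):
                findings.append(f"WARN: statement {i}: wildcard action {action!r}; list only the actions needed")
    return findings

# Constructed sample inputs: the policy from step 2, a narrowed read-only variant,
# and a variant whose trailing '*' also matches other bucket names.
PAGE_POLICY = '''{"Version": "2012-10-17", "Statement": [{"Effect": "Allow", "Action": "s3:*",
  "Resource": ["arn:aws:s3:::your-bucket", "arn:aws:s3:::your-bucket/*"]}]}'''
READ_ONLY = '''{"Version": "2012-10-17", "Statement": [{"Effect": "Allow",
  "Action": ["s3:ListBucket", "s3:GetObject"], "Resource": ["arn:aws:s3:::your-bucket", "arn:aws:s3:::your-bucket/*"]}]}'''
TOO_BROAD = '''{"Version": "2012-10-17", "Statement": [{"Effect": "Allow",
  "Action": "s3:GetObject", "Resource": "arn:aws:s3:::your-bucket*"}]}'''

if __name__ == "__main__":
    for name, text in [("page", PAGE_POLICY), ("read-only", READ_ONLY), ("too-broad", TOO_BROAD)]:
        print(name, lint_bucket_policy(text, "your-bucket") or "ok")
```

Run it against the policy text before pasting it into the Inline-Policies tab; an empty result means every Allow statement names only the intended bucket and no wildcard action.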
Links and References
Learn more about the Impossible Cloud Storage IAM Features in our documentation.