How do I setpolicy to deny deletes for a bucket

Priya Sehgal <priya.sehgal@xxxxxxxxx> · Thu, 30 May 2019 11:25:20 +0530

I want to deny deletes on one of my buckets. I tried to run "s3cmd setpolicy". I tried two configs (json files). I do not get any error code and when I try to do getpolicy I see the same json. However, when I delete objects present in the bucket I am able to delete the object. Please let me know where am I going wrong.
Here are the two policy json files:
1. POLICY FILE 1
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Deny",
    "Principal": "*",
    "Action": "s3:DeleteObject",
    "Resource": [
      "arn:aws:s3:::my-new-bucket3/*"
    ]
  }]
}

2. POLICY FILE 2
{    
"Version": "2012-10-17",

"Statement": [    

    {
        "Effect": "Allow",
        "Action": [
            "s3:GetObject",
            "s3:PutObject",
            "s3:GetObjectAcl",
            "s3:PutObjectAcl",
            "s3:ListBucket",
            "s3:GetBucketAcl",
            "s3:PutBucketAcl",
            "s3:GetBucketLocation"
        ],
        "Resource": "*"
    },
    {
        "Effect": "Allow",
        "Action": "s3:ListAllMyBuckets",
        "Resource": "*"
    },
    {
        "Effect": "Deny",
        "Action": [
            "s3:DeleteBucket",
            "s3:DeleteBucketPolicy",
            "s3:DeleteBucketWebsite",
            "s3:DeleteObject",
            "s3:DeleteObjectVersion"
        ],
        "Resource": "arn:aws:s3:::my-new-bucket3/*"
    }
]
}  

Command used: s3cmd setpolicy examplepol s3://my-new-bucket3

where, exampol file contains either (1) or (2) of the above policy stmts.

-- 
Regards,
Priya
_______________________________________________
ceph-users mailing list
ceph-users@xxxxxxxxxxxxxx
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com