Create a policy

Steps

  1. Sign in to the AWS Management Console and open the IAM console with the appropriate admin level account.
  2. In the navigation pane on the left, choose Policies and then choose Create policy.
  3. In the Policy editor, under Select a service, choose the S3 service and select Next. After the S3 permissions are added, repeat this step for the IAM service.
  4. In Actions allowed, select the following actions to add to the policy:
    • For scanning
      • IAM service
        • Read > GetUser
        • Read > GetPolicyVersion
        • Read > GetPolicy
        • Read > GetUserPolicy
        • List > ListUserPolicies
        • List > ListAttachedUserPolicies
      • S3 service
        • Read > GetBucketAcl
        • Read > GetBucketLocation
        • Read > GetObject
        • Read > GetObjectAcl
        • List > ListAllMyBuckets
        • List > ListBucket
    • For revoke permissions (S3 service)
      • Permission Management > PutBucketAcl
      • Permission Management > PutObjectAcl
    • For tagging (S3 service)
      • Write > DeleteObject
      • Write > PutObject
      • Tagging > DeleteObjectTagging
      • Tagging > PutObjectTagging

  5. For Resources, choose All, then select Create policy to save the new policy.
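The console steps above produce a JSON policy document; the following added Python example (not part of this page or the product's own code) builds that document from the action list in step 4 and adds a least-privilege check that reports any action a candidate policy grants beyond that list or fails to grant. The statement Sids, the function names, and the optional `resource` argument for narrowing the statements to specific ARNs are assumptions of this example; the default `"*"` mirrors step 5, where Resources is set to All.

```python
"""Build the scan/revoke/tagging IAM policy as a JSON policy document and
check a candidate policy against the same action set (example code)."""
import fnmatch
import json

# Actions from step 4, grouped as the page groups them.
SCAN_ACTIONS = [
    "iam:GetUser", "iam:GetPolicyVersion", "iam:GetPolicy", "iam:GetUserPolicy",
    "iam:ListUserPolicies", "iam:ListAttachedUserPolicies",
    "s3:GetBucketAcl", "s3:GetBucketLocation", "s3:GetObject", "s3:GetObjectAcl",
    "s3:ListAllMyBuckets", "s3:ListBucket",
]
REVOKE_ACTIONS = ["s3:PutBucketAcl", "s3:PutObjectAcl"]
TAGGING_ACTIONS = [
    "s3:DeleteObject", "s3:PutObject", "s3:DeleteObjectTagging", "s3:PutObjectTagging",
]
ALL_ACTIONS = SCAN_ACTIONS + REVOKE_ACTIONS + TAGGING_ACTIONS


def build_policy(resource="*"):
    """Return the policy document as a dict. resource="*" mirrors step 5 (All);
    passing a list of ARNs narrows every statement (assumed option, not on the page)."""
    groups = (("Scan", SCAN_ACTIONS),           # Sids are this example's own names
              ("RevokePermissions", REVOKE_ACTIONS),
              ("Tagging", TAGGING_ACTIONS))
    statements = [
        {"Sid": sid, "Effect": "Allow", "Action": list(actions), "Resource": resource}
        for sid, actions in groups
    ]
    return {"Version": "2012-10-17", "Statement": statements}


def allowed_actions(policy):
    """Collect the Action entries of every Allow statement, as written
    (wildcards such as s3:* are kept so the checks below can see them)."""
    actions = []
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        act = stmt.get("Action", [])
        actions.extend([act] if isinstance(act, str) else act)
    return actions


def excess_actions(policy, expected=ALL_ACTIONS):
    """Actions granted that are not in the expected set. IAM action names are
    case-insensitive, so compare in lower case; any wildcard pattern is reported
    because it reaches actions outside the set."""
    wanted = {a.lower() for a in expected}
    return sorted({a for a in allowed_actions(policy) if a.lower() not in wanted})


def missing_actions(policy, expected=ALL_ACTIONS):
    """Expected actions the policy does not grant, treating wildcard patterns
    in the policy as grants (s3:* covers every s3 action)."""
    granted = [a.lower() for a in allowed_actions(policy)]
    return [a for a in expected
            if not any(fnmatch.fnmatchcase(a.lower(), g) for g in granted)]


if __name__ == "__main__":
    policy = build_policy()
    print(json.dumps(policy, indent=2))
    # A constructed over-broad policy for comparison: grants all of S3, none of IAM.
    broad = {"Version": "2012-10-17",
             "Statement": [{"Effect": "Allow", "Action": "s3:*", "Resource": "*"}]}
    print("excess:", excess_actions(broad))
    print("missing:", missing_actions(broad))
```

Paste the printed document into the JSON tab of the policy editor to confirm it matches what the console produced from the clicks in step 4; the two check functions are useful again later, when reviewing whether the attached policy has drifted from the action list the page calls for.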