Example IAM Policy for AWS S3

By Cory LaViska on December 21, 2021

If you're setting up a website on S3 + CloudFront, this example policy will help.


Amazon Web Services (AWS) is pretty awesome, but at times it can feel overwhelming. If you're having trouble with permissions, this example policy might help you connect and publish to your S3 bucket.

Note that this is extremely permissive (s3:* allows every S3 action on the bucket and its objects), so you may want to narrow it down to only the read/write operations you need if you're storing anything sensitive. However, it's probably fine for the majority of Surreal CMS users who are only storing publicly available HTML files.

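Note the need for both www.example.com and www.example.com/*: the first ARN is the bucket itself and the second covers the objects inside it. The policy below uses www.surrealcms.com as the bucket name, so replace it with your own. You may need to update or remove the www if you're hosting your site on a subdomain or if you're not using the www as part of your domain.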

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "VisualEditor1",
      "Effect": "Allow",
      "Action": "s3:*",
      "Resource": [
        "arn:aws:s3:::www.surrealcms.com/*",
        "arn:aws:s3:::www.surrealcms.com"
      ]
    }
  ]
}
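
As an added example (not part of the original post or of Surreal CMS), the check below flags wildcard actions and actions attached to the wrong one of the two ARNs, and builds a narrowed policy to compare against the one above. The action sets, the `lint` and `site_policy` helpers and the www.example.com bucket are assumptions for illustration; the narrowed policy assumes the publishing client only lists the bucket and reads, writes and deletes objects.

```python
# Assumption: the publishing client only lists the bucket and reads, writes
# and deletes objects; adjust both sets to the calls your tool really makes.
BUCKET_ACTIONS = {"s3:ListBucket", "s3:GetBucketLocation"}
OBJECT_ACTIONS = {"s3:GetObject", "s3:PutObject", "s3:DeleteObject"}

def as_list(value):
    return value if isinstance(value, list) else [value]

def lint(policy):
    """Return findings for the Allow statements of an S3 identity policy.
    Simplification: an ARN is 'object-level' if its bucket part contains '/',
    'bucket-level' otherwise; a bare '*' resource counts as both."""
    findings = []
    for stmt in as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", "<no Sid>")
        names = [r.split(":::", 1)[-1] for r in as_list(stmt.get("Resource", []))]
        has_bucket = any("/" not in n for n in names)
        has_object = any("/" in n or n == "*" for n in names)
        for action in as_list(stmt.get("Action", [])):
            if "*" in action:
                findings.append(f"{sid}: wildcard action {action}")
            elif action in BUCKET_ACTIONS and not has_bucket:
                findings.append(f"{sid}: {action} needs the bucket ARN")
            elif action in OBJECT_ACTIONS and not has_object:
                findings.append(f"{sid}: {action} needs the bucket/* ARN")
    return findings

def site_policy(bucket, list_on_objects=False):
    """Constructed narrowed policy; list_on_objects=True plants the mistake
    of granting s3:ListBucket on bucket/* only, where it has no effect."""
    bucket_arn = f"arn:aws:s3:::{bucket}"
    return {"Version": "2012-10-17", "Statement": [
        {"Sid": "ListSite", "Effect": "Allow", "Action": "s3:ListBucket",
         "Resource": bucket_arn + "/*" if list_on_objects else bucket_arn},
        {"Sid": "PublishFiles", "Effect": "Allow",
         "Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"],
         "Resource": bucket_arn + "/*"}]}

# The policy from this page, unchanged.
PERMISSIVE = {"Version": "2012-10-17", "Statement": [
    {"Sid": "VisualEditor1", "Effect": "Allow", "Action": "s3:*",
     "Resource": ["arn:aws:s3:::www.surrealcms.com/*",
                  "arn:aws:s3:::www.surrealcms.com"]}]}

if __name__ == "__main__":
    for name, pol in [("page policy", PERMISSIVE),
                      ("narrowed", site_policy("www.example.com")),
                      ("misplaced", site_policy("www.example.com", True))]:
        print(name, lint(pol) or "no findings")
```

Printing `json.dumps(site_policy("your-bucket"), indent=2)` gives a policy document you can paste into the IAM console in place of the permissive one.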