CloudFormation - Restrict IAM User to a Single Folder in an S3 Bucket


This article describes how to create an IAM policy that can be used with ATS in an AWS CloudFormation template. This IAM policy will restrict an IAM user to a single folder within an S3 bucket. Once created, CloudFormation will output an AWS access key and secret that can be used with ATS.


You should already have an S3 bucket created. 



  1. Login to AWS console.
  2. Navigate to the Cloud Formation page.
  3. Click on "Create".
  4. Specify an Amazon S3 template URL: (note: you can also download and edit the defaults in the template for your specific deployment).
  5. Click "Next".
  6. Input a name for the Stack and the S3 bucket and folder you plan to use.
  7. Click "Next" to review the config, and then "Create".
  8. The creation should take about 60 seconds. Once the stack has finished, you will find the AWS access key and secret in the "Outputs" tab. Use this access key/secret pair with your Aspera Client to create ATS credentials. 


Additional resources

  1. Amazon cloud formation documentation
Powered by Zendesk