However, it is possible to use IAM to create separate access keys that are restricted to a single bucket or a group of buckets.
- Create a new user under "IAM" -> "IAM User". Any name can be entered under "User Name"; "Path" must be set to /.
- Click on the new user and switch to the "IAM Policies" tab.
- Create an "Inline Policy" there. Click on the "Policy Document" to open an editor. Enter the text from the code field below in the "JSON" tab.

New access keys can now be created in the "IAM Access Key" tab. These will only have access to the bucket called example.
IAM-Policy:

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "VisualEditor0",
      "Effect": "Allow",
      "Action": ["s3:ListAllMyBuckets"],
      "Resource": "*"
    },
    {
      "Sid": "VisualEditor1",
      "Effect": "Allow",
      "Action": "s3:*",
      "Resource": ["arn:aws:s3:::example", "arn:aws:s3:::example/*"]
    }
  ]
}
```
This policy allows the user whose keys carry it to list all buckets and to perform any S3 operation on the bucket example (arn:aws:s3:::example) and on all objects below it (arn:aws:s3:::example/*). The first statement only exposes the names of the other buckets; their contents stay out of reach because no resource ARN other than the example bucket and its objects is granted.
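To make the matching rules concrete, here is an added Python example (not from the page or the provider) that builds the policy above for any list of bucket names and evaluates requests against it with a small IAM-style matcher; the bucket names other than example are constructed test data.

```python
import fnmatch

# Added example: generalises the page's single-bucket policy to a list of
# buckets and checks (action, resource) pairs the way IAM would for this shape.


def build_bucket_policy(buckets):
    """Return the page's policy generalised to a list of bucket names."""
    resources = []
    for name in buckets:
        resources += [f"arn:aws:s3:::{name}", f"arn:aws:s3:::{name}/*"]
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Sid": "VisualEditor0", "Effect": "Allow",
             "Action": ["s3:ListAllMyBuckets"], "Resource": "*"},
            {"Sid": "VisualEditor1", "Effect": "Allow",
             "Action": "s3:*", "Resource": resources},
        ],
    }


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _matches(patterns, value, fold_case=False):
    # IAM wildcards '*' and '?' behave like shell globs; action names are
    # compared case-insensitively, resource ARNs case-sensitively.
    if fold_case:
        value, patterns = value.lower(), [p.lower() for p in _as_list(patterns)]
    return any(fnmatch.fnmatchcase(value, p) for p in _as_list(patterns))


def is_allowed(policy, action, resource):
    """Default deny; an explicit Deny beats any Allow, as in IAM evaluation."""
    allowed = False
    for stmt in policy["Statement"]:
        if (_matches(stmt["Action"], action, fold_case=True)
                and _matches(stmt["Resource"], resource)):
            if stmt["Effect"] == "Deny":
                return False
            allowed = True
    return allowed


if __name__ == "__main__":
    policy = build_bucket_policy(["example"])
    for act, res in [("s3:GetObject", "arn:aws:s3:::example/report.csv"),
                     ("s3:GetObject", "arn:aws:s3:::other/report.csv"),
                     ("s3:GetObject", "arn:aws:s3:::example-old/report.csv")]:
        print(act, res, "->", "allow" if is_allowed(policy, act, res) else "deny")
```

Note that a bucket whose name merely starts with example (here example-old) is not matched, because arn:aws:s3:::example/* requires the slash after the bucket name.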
For further information on how IAM works and what it can do, please consult the Amazon documentation: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html