Displaying the cart policy will allow any user to download ( PutObject ) and Download ( GetObject ) from the specified Amazon S3 bucket.
However, he will not allow listing the bucket, which is most likely necessary for card reduction operations. Therefore, I also recommend granting ListBucket permissions to the bucket itself:
{ "Id": "SomeID", "Statement": [ { "Sid": "SomeID", "Action": [ "s3:GetObject", "s3:ListBucket", "s3:PutObject" ], "Effect": "Allow", "Resource": [ "arn:aws:s3:::<bucket-name>", "arn:aws:s3:::<bucket-name>/*" ], "Principal": { "AWS": [ "123456789012" ] } } ] }
In addition, it is not recommended to provide public access to your bucket. Instead, your friend should enter their account number in the Principal field so that you can access the data, but no one can access it.
All of this will make your bucket available , but it will not appear on your Amazon S3 management console and will not be able to "install" the bucket in your own account. However, you can create List, Get, and Put objects.
You can verify this using the AWS Command Line Interface (CLI). Try to specify the contents of the shared storage or copy the file to it:
$ aws s3 ls s3://<bucket-name> $ aws s3 cp file.txt s3://<bucket-name>/file.txt