‹ Return to How tos

IAM policy to manage buckets in Amazon Lightsail

Last updated: July 14, 2021

The following policy grants a user access to manage a specific bucket in the Amazon Lightsail object storage service. This policy grants access to buckets through the Lightsail console, the AWS Command Line Interface (AWS CLI), AWS API, and AWS SDKs. In the policy, replace <BucketName> with the name of the bucket to manage. For more information about IAM policies, see Creating IAM policies in the AWS Identity and Access Management User Guide. For more information about creating IAM users and user groups, see Creating your first IAM delegated user and user group in the AWS Identity and Access Management User Guide.

Important

Users who don't have this policy will experience errors when viewing the Objects tab of the bucket management page in the Lightsail console.

{
 "Version": "2012-10-17",
 "Statement": [
 {
 "Sid": "LightsailAccess",
 "Effect": "Allow",
 "Action": "lightsail:*",
 "Resource": "*"
 },
 {
 "Sid": "S3BucketAccess",
 "Effect": "Allow",
 "Action": "s3:*",
 "Resource": [
 "arn:aws:s3:::<BucketName>/*",
 "arn:aws:s3:::<BucketName>"
 ]
 }
 ]
}

Managing buckets and objects in Lightsail

These are the general steps to manage your Lightsail object storage bucket:

  1. Learn about objects and buckets in the Amazon Lightsail object storage service. For more information, see Object storage in Amazon Lightsail.

  2. Learn about the names that you can give your buckets in Amazon Lightsail. For more information, see Bucket naming rules in Amazon Lightsail.

  3. Get started with the Lightsail object storage service by creating a bucket. For more information, see Creating buckets in Amazon Lightsail.

  4. Learn about security best practices for buckets and the access permissions that you can configure for your bucket. You can make all objects in your bucket public or private, or you can choose to make individual objects public. You can also grant access to your bucket by creating access keys, attaching instances to your bucket, and granting access to other AWS accounts. For more information, see Security Best Practices for Amazon Lightsail object storage and Understanding bucket permissions in Amazon Lightsail.

    After learning about bucket access permissions, see the following guides to grant access to your bucket:

  5. Create an IAM policy that grants a user the ability to manage a bucket in Lightsail. For more information, see IAM policy to manage buckets in Amazon Lightsail.

  6. Learn about the way that objects in your bucket are labeled and identified. For more information, see Understanding object key names in Amazon Lightsail.

  7. Learn how to upload files and manage objects in your buckets. For more information, see the following guides.

  8. Enable object versioning to preserve, retrieve, and restore every version of every object stored in your bucket. For more information, see Enabling and suspending object versioning in a bucket in Amazon Lightsail.

  9. After enabling object versioning, you can restore previous versions of objects in your bucket. For more information, see Restoring previous versions of objects in a bucket in Amazon Lightsail.

  10. Monitor the utilization of your bucket. For more information, see Viewing metrics for your bucket in Amazon Lightsail.

  11. Configure an alarm for bucket metrics to be notified when the utilization of your bucket crosses a threshold. For more information, see Creating bucket metric alarms in Amazon Lightsail.

  12. Change the storage plan of your bucket if it's running low on storage and network transfer. For more information, see Changing the plan of your bucket in Amazon Lightsail.

  13. Learn how to connect your bucket to other resources. For more information, see the following tutorials.

  14. Delete your bucket if you're no longer using it. For more information, see Deleting buckets in Amazon Lightsail.