Objective:

Give an IAM user programmatic access to specific S3 buckets. Note: If you go this route, the user will not be able to list all buckets on this AWS account.

This is a great solution if you are an MSP providing backup solutions to S3-compliant storage and you don't want IAM users seeing or accessing other customers' buckets.

Solution:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": ["s3:ListBucket"],
      "Resource": ["arn:aws:s3:::bucket_name"]
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:PutObject",
        "s3:GetObject",
        "s3:DeleteObject"
      ],
      "Resource": ["arn:aws:s3:::bucket_name/*"]
    }
  ]
}

Reference: https://aws.amazon.com/blogs/security/writing-iam-policies-how-to-grant-access-to-an-amazon-s3-bucket/
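To check the scoping before attaching the policy, the following added example (not part of the original post, and not AWS code) runs the policy above through a simplified allow/deny evaluator. The bucket names `customer-a-backups` and `customer-b-backups` and the object keys are constructed, and the evaluator is an assumption-level model that ignores `Condition`, `NotAction`, `NotResource` and resource-based policies.

```python
import json
from fnmatch import fnmatchcase

# The policy from this page; "customer-a-backups" is a constructed bucket name.
POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Action": ["s3:ListBucket"],
     "Resource": ["arn:aws:s3:::customer-a-backups"]},
    {"Effect": "Allow",
     "Action": ["s3:PutObject", "s3:GetObject", "s3:DeleteObject"],
     "Resource": ["arn:aws:s3:::customer-a-backups/*"]}
  ]
}""")

def _as_list(value):
    # IAM accepts a single string/object or a list for these elements.
    return [value] if isinstance(value, (str, dict)) else list(value)

def is_allowed(policy, action, resource):
    """Simplified identity-policy check: explicit Deny wins, then Allow,
    otherwise implicit deny. Wildcards are matched with fnmatch."""
    allowed = False
    for stmt in _as_list(policy["Statement"]):
        # Action names are case-insensitive; resource ARNs are case-sensitive.
        action_hit = any(fnmatchcase(action.lower(), a.lower())
                         for a in _as_list(stmt["Action"]))
        resource_hit = any(fnmatchcase(resource, r)
                           for r in _as_list(stmt["Resource"]))
        if action_hit and resource_hit:
            if stmt["Effect"] == "Deny":
                return False
            allowed = True
    return allowed

# Constructed requests: (action, resource ARN) pairs a backup client might send.
A, B = "arn:aws:s3:::customer-a-backups", "arn:aws:s3:::customer-b-backups"
REQUESTS = {
    "list own bucket":        ("s3:ListBucket", A),
    "get own object":         ("s3:GetObject", A + "/db/2024-01-01.bak"),
    "list all buckets":       ("s3:ListAllMyBuckets", "*"),
    "list other bucket":      ("s3:ListBucket", B),
    "get other object":       ("s3:GetObject", B + "/db/2024-01-01.bak"),
    "object action on bucket ARN": ("s3:GetObject", A),
}

def access_report(policy=POLICY):
    return {name: is_allowed(policy, *req) for name, req in REQUESTS.items()}

if __name__ == "__main__":
    for name, ok in access_report().items():
        print(f"{'ALLOW' if ok else 'DENY ':5}  {name}")
```

The last request shows why the policy needs two statements: `s3:ListBucket` applies to the bucket ARN, while the object actions only match the `bucket_name/*` ARN.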