Skip to content

Instantly share code, notes, and snippets.

@chrisguitarguy

chrisguitarguy/policy.json

Created August 18, 2017 20:07
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save chrisguitarguy/e3525fcc4e5b3c925a00ab7a018a9fe3 to your computer and use it in GitHub Desktop.
Save chrisguitarguy/e3525fcc4e5b3c925a00ab7a018a9fe3 to your computer and use it in GitHub Desktop.
Download ZIP
deny `PutObject` calls without KMS-based server side encryption.
Raw
policy.json
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "DenyUnEncryptedOPutObject",
"Effect": "Deny",
"Principal": "*",
"Action": "s3:PutObject",
"Resource": "arn:aws:s3:::BUCKET_NAME/*",
"Condition": {
"StringNotEquals": {
"s3:x-amz-server-side-encryption": "aws:kms"
}
}
}
]
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment