2017/09/24/aws-lambda-notprincipal - workingexample.json

workingexample.json

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "DenyObjectDeleteWithWhitelist",
            "Effect": "Deny",
            "NotPrincipal": {
                "AWS": [
                    "arn:aws:iam::123456789012:role/my-lambda-role",
                    "arn:aws:sts::123456789012:assumed-role/my-lambda-role/my-lambda-function"
                ]
            },
            "Action": "s3:DeleteObject",
            "Resource": "arn:aws:s3:::mybucket/*"
        }
    ]
}