1. Public access, allow all users, single action { "Version": "2012-10-17", "Statement": [ { "Sid": "PublicReadGetObject", "Effect": "Allow", "Principal": "*", "Action": "s3:GetObject", "Resource": "arn:aws:s3:::[bucket-name]/*" } ] } 2. Privacy access, single principal, multiple actions { "Version": "2012-10-17", "Statement": [ { "Sid": "Stmt1563788613450", "Effect": "Allow", "Principal": { "AWS": "arn:aws:iam::[account-id]:user/[username]" }, "Action": [ "s3:GetObject", "s3:PutObject" ], "Resource": "arn:aws:s3:::[bucket-name]/*" } ] } 3. Privacy access, multiple principals { "Version": "2012-10-17", "Statement": [ { "Sid": "Stmt1563788613450", "Effect": "Allow", "Principal": { "AWS": [ "arn:aws:iam::[account-id-1]:user/username-1", "arn:aws:iam::[account-id-2]:user/username-2" ] }, "Action": "s3:DeleteObject", "Resource": "arn:aws:s3:::[bucket-name]/*" } ] }