AWS IAM S3 read/write only policy

s3_read_only_policy.json

{
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:GetBucketLocation",
        "s3:GetObject",
        "s3:ListBucket"
      ],
      "Resource": [
        "arn:aws:s3:::my-app-builds",
        "arn:aws:s3:::my-app-builds/*"
      ]
    }
  ]
}

s3_write_only_policy.json

{
  "Statement": [
    {
      "Action": [
        "s3:PutObject"
      ],
      "Effect": "Allow",
      "Resource": [
        "arn:aws:s3:::my-app-builds"
      ]
    },
    {
      "Action": [
        "s3:PutObject"
      ],
      "Effect": "Allow",
      "Resource": [
        "arn:aws:s3:::my-app-builds/*"
      ]
    }
  ]
}

s3_write_only_policy.json. Seems like you can just combine these. Resource is a list, so it can looks like this:

{
  "Statement": [
    {
      "Action": [
        "s3:PutObject"
      ],
      "Effect": "Allow",
      "Resource": [
        "arn:aws:s3:::my-app-builds/*",
        "arn:aws:s3:::my-app-builds"
      ]
    }
  ]
}