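AWS S3 Bucket Policy - Allow the listed principals to list and read objects only under specific folder prefixes, and deny bucket-level requests for any other prefix (replace the [bracketed] placeholders before use)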
{
"Version": "2008-10-17",
"Statement": [
{
"Sid": "AllowAccessToSpecificFoldersAndObjects",
"Effect": "Allow",
"Principal": {
"AWS": [
"arn:aws:iam::111111111111:user/[iam-username]",
"arn:aws:iam::222222222222:root"
]
},
"Action": [
"s3:GetObject",
"s3:ListBucket"
],
"Resource": [
"arn:aws:s3:::[bucket-name]",
"arn:aws:s3:::[bucket-name]/[folder-1]/*",
"arn:aws:s3:::[bucket-name]/[folder-2]/[sub-folder-2]/*"
]
},
{
"Sid": "DenyAccessToSpecificFoldersAndObjects",
"Effect": "Deny",
"Principal": {
"AWS": [
"arn:aws:iam::111111111111:user/[iam-username]",
"arn:aws:iam::222222222222:root"
]
},
"Action": "s3:*",
"Resource": [
"arn:aws:s3:::[bucket-name]"
],
"Condition": {
"StringNotLike": {
"s3:prefix": [
"[folder-1]/*",
"[folder-2]/[sub-folder-2]/*"
]
}
}
}
]
}