Bucket Policy for IAM Policy Simulator Tutorial
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "DenyInsecureCommunications",
      "Effect": "Deny",
      "Principal": "*",
      "Action": "s3:*",
      "Resource": [
        "arn:aws:s3:::<bucket-name>",
        "arn:aws:s3:::<bucket-name>/*"
      ],
      "Condition": {
        "Bool": {
          "aws:SecureTransport": "false"
        }
      }
    },
    {
      "Sid": "DenyUnencryptedStorage",
      "Effect": "Deny",
      "Principal": "*",
      "Action": "s3:PutObject",
      "Resource": "arn:aws:s3:::<bucket-name>/*",
      "Condition": {
        "Null": {
          "s3:x-amz-server-side-encryption": "true"
        }
      }
    },
    {
      "Sid": "DenyStorageWithoutKMSEncryption",
      "Effect": "Deny",
      "Principal": "*",
      "Action": "s3:PutObject",
      "Resource": "arn:aws:s3:::<bucket-name>/*",
      "Condition": {
        "StringNotEquals": {
          "s3:x-amz-server-side-encryption": "aws:kms"
        }
      }
    },
    {
      "Sid": "AllowAllPrincipalsWithinAccount",
      "Effect": "Allow",
      "Principal": {
        "AWS": "<account-ID>"
      },
      "Action": "*",
      "Resource": "arn:aws:s3:::<bucket-name>"
    }
  ]
}