Bucket Policy for IAM Policy Simulator Tutorial
| { | |
| "Version": "2012-10-17", | |
| "Statement": [ | |
| { | |
| "Sid": "DenyInsecureCommunications", | |
| "Effect": "Deny", | |
| "Principal": "*", | |
| "Action": "s3:*", | |
| "Resource": [ | |
| "arn:aws:s3:::<bucket-name>", | |
| "arn:aws:s3:::<bucket-name>/*" | |
| ], | |
| "Condition": { | |
| "Bool": { | |
| "aws:SecureTransport": "false" | |
| } | |
| } | |
| }, | |
| { | |
| "Sid": "DenyUnencryptedStorage", | |
| "Effect": "Deny", | |
| "Principal": "*", | |
| "Action": "s3:PutObject", | |
| "Resource": "arn:aws:s3:::<bucket-name>/*", | |
| "Condition": { | |
| "Null": { | |
| "s3:x-amz-server-side-encryption": "true" | |
| } | |
| } | |
| }, | |
| { | |
| "Sid": "DenyStorageWithoutKMSEncryption", | |
| "Effect": "Deny", | |
| "Principal": "*", | |
| "Action": "s3:PutObject", | |
| "Resource": "arn:aws:s3:::<bucket-name>/*", | |
| "Condition": { | |
| "StringNotEquals": { | |
| "s3:x-amz-server-side-encryption": "aws:kms" | |
| } | |
| } | |
| }, | |
| { | |
| "Sid": "AllowAllPrincipalsWithinAccount", | |
| "Effect": "Allow", | |
| "Principal": { | |
| "AWS": "<account-ID>" | |
| }, | |
| "Action": "*", | |
| "Resource": "arn:aws:s3:::<bucket-name>" | |
| } | |
| ] | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment