operations that you will allow (or deny) by using action keywords. For a complete
actions.html
when you want to make sure that a user can't access the resources.
The Principal is the Account or User that has access to the actions and resources
bucket-user-policy-specifying-principal-intro.html
Conditions: You can use AWS-wide and AWS-specific keys to set the Conditions for
https://docs.aws.amazon.com/AmazonS3/latest/dev/amazon-s3-policy-keys.html
{
    "Version": "2012-10-17",
    "Id": "ExamplePolicy01",
    "Statement": [
        {
            "Sid": "ExampleStatement01",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::Account-ID:user/Dave"
            },
            "Action": [
                "s3:GetObject",
                "s3:GetBucketLocation",
                "s3:ListBucket"
            ],
            "Resource": [
                "arn:aws:s3:::examplebucket/*",
                "arn:aws:s3:::examplebucket"
            ]
        }
    ]
}
Permissions and IAM JSON Policy Reference in the IAM User Guide.
Condition-wide and condition-specific keys are much more in-depth, enabling you
s3-policy-keys.html#object-keys-in-amazon-s3-policies