Permit User ARN to read/write Specific Folder in S3 Bucket

Jan 21, 2022

0 Comments

Share this article

{{ }} Substitute variables

Adjust the variable values according to your preference.

Policy Code

Referenced from: https://docs.aws.amazon.com/AmazonS3/latest/userguide/example-walkthroughs-managing-access-example3.html

1{
2  "Version": "2012-10-17",
3  "Id": "Permit user ARN to read, write, delete in specific folder",
4  "Statement": [
5    {
6      "Sid": "Permit reading bucket list at this path",
7      "Effect": "Allow",
8      "Principal": {
9        "AWS": "arn:aws:iam::{{user-arn}}:user/{{user-name}}"
10    },
11      "Action": "s3:ListBucket",
12      "Resource": "arn:aws:s3:::{{bucket-name-goes-here}}",
13      "Condition": {
14        "StringLike": {
15          "s3:prefix": "{{folder-name-goes-here}}/*"
16        }
17      }
18    },
19    {
20      "Sid": "Permit read, delete, and write files in specific folder only",
21      "Effect": "Allow",
22      "Principal": {
23        "AWS": "arn:aws:iam::{{user-arn}}:user/{{user-name}}"
24    },
25      "Resource": "arn:aws:s3:::{{bucket-name-goes-here}}/{{folder-name-goes-here}}/*",
26      "Action": [
27        "s3:GetObject",
28        "s3:DeleteObject",
29        "s3:PutObject"
30      ]
31    }
32  ]
33}