Sample Bucket Policy using Policy Builder
The following screenshots show the options to select to create the bucket policy used in this example (see the JSON below).
{
  "Id": "sample-bucket-policy",
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Statement1713336710809",
      "Principal": {
        "AWS": [
          "arn:primary:default:group:group1"
        ]
      },
      "Action": [
        "s3:CreateBucket",
        "s3:DeleteBucket",
        "s3:DeleteBucketPolicy",
        "s3:DeleteObject",
        "s3:DeleteObjectTagging"
      ],
      "Resource": [
        "arn:aws:s3:::${bucket}/*"
      ],
      "Effect": "Allow"
    },
    {
      "Sid": "Statement1713337230508",
      "Principal": {
        "AWS": [
          "arn:primary:default:group:group1"
        ]
      },
      "Action": [
        "s3:AbortMultipartUpload"
      ],
      "Resource": [
        "arn:aws:s3:::${bucket}/*"
      ],
      "Effect": "Deny"
    }
  ]
}
This bucket policy allows all users in group1 to create a bucket, delete a
bucket, delete a bucket policy, delete objects in the bucket, and delete object
tagging. It denies permission to abort a multipart upload of a file to the
bucket. The ${bucket} keyword is a placeholder that the system automatically
replaces with the bucket name.
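To check what the sample policy grants for a given request, the following added example (not part of the product or its documentation) substitutes the ${bucket} placeholder and evaluates both statements. It assumes AWS-style semantics, which this system may implement differently: default deny, explicit Deny overriding Allow, and wildcard matching on Action and Resource. The function names and the bucket name used in calls are constructed for illustration.

```python
import fnmatch
import json

# The page's sample policy, condensed onto fewer lines; contents unchanged.
POLICY = json.loads("""
{
  "Id": "sample-bucket-policy", "Version": "2012-10-17",
  "Statement": [
    {"Sid": "Statement1713336710809",
     "Principal": {"AWS": ["arn:primary:default:group:group1"]},
     "Action": ["s3:CreateBucket", "s3:DeleteBucket", "s3:DeleteBucketPolicy",
                "s3:DeleteObject", "s3:DeleteObjectTagging"],
     "Resource": ["arn:aws:s3:::${bucket}/*"],
     "Effect": "Allow"},
    {"Sid": "Statement1713337230508",
     "Principal": {"AWS": ["arn:primary:default:group:group1"]},
     "Action": ["s3:AbortMultipartUpload"],
     "Resource": ["arn:aws:s3:::${bucket}/*"],
     "Effect": "Deny"}
  ]
}
""")

GROUP1 = "arn:primary:default:group:group1"

def as_list(value):
    return value if isinstance(value, list) else [value]

def evaluate(policy, bucket, principal, action, resource):
    """AWS-style evaluation (assumed): default deny, explicit Deny wins."""
    decision = "ImplicitDeny"
    for stmt in policy["Statement"]:
        principals = as_list(stmt["Principal"].get("AWS", []))
        if principal not in principals and "*" not in principals:
            continue
        if not any(fnmatch.fnmatchcase(action, a) for a in as_list(stmt["Action"])):
            continue
        # Substitute the ${bucket} placeholder before matching the resource.
        patterns = [r.replace("${bucket}", bucket) for r in as_list(stmt["Resource"])]
        if not any(fnmatch.fnmatchcase(resource, p) for p in patterns):
            continue
        if stmt["Effect"] == "Deny":
            return "Deny"
        decision = "Allow"
    return decision
```

Under the assumed matching rules, a request against the bucket ARN itself (without a trailing object key) does not match the `${bucket}/*` pattern, so reviewing how this system scopes bucket-level actions such as s3:DeleteBucket is worthwhile before relying on the policy.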