Create restrict-access-to-owner.json

iam-vigneshv · Jul 6, 2023 · 35804e0 · 35804e0
1 parent 259add2
commit 35804e0
Showing 1 changed file with 21 additions and 0 deletions.
diff --git a/day-9/demos/bucket-policies/restrict-access-to-owner.json b/day-9/demos/bucket-policies/restrict-access-to-owner.json
@@ -0,0 +1,21 @@
+{
+  "Version": "2012-10-17",
+  "Id": "RestrictBucketToIAMUsersOnly",
+  "Statement": [
+    {
+      "Sid": "AllowOwnerOnlyAccess",
+      "Effect": "Deny",
+      "Principal": "*",
+      "Action": "s3:*",
+      "Resource": [
+        "arn:aws:s3:::your-bucket-name/*",
+        "arn:aws:s3:::your-bucket-name"
+      ],
+      "Condition": {
+        "StringNotEquals": {
+          "aws:PrincipalArn": "arn:aws:iam::AWS_ACCOUNT_ID:root"
+        }
+      }
+    }
+  ]
+}