Principal: The account or user for whom you want to allow or deny access to resources
Conditions:
Writing a basic bucket policy
The policy has the following structure (placeholders in angle brackets are filled in per policy; "Effect" is required in every statement and says whether the statement allows or denies):
{
  "Version": "2012-10-17",
  "Id": "<any identifier>",
  "Statement": [
    {
      "Sid": "<your unique id or name>",
      "Effect": "<Allow or Deny>",
      "Principal": "<* for everyone, or a user ARN>",
      "Action": "s3:<action, see https://docs.aws.amazon.com/AmazonS3/latest/dev/list_amazons3.html#amazons3-actions-as-permissions>",
      "Resource": ["<ARN of the resource, see https://docs.aws.amazon.com/AmazonS3/latest/dev/list_amazons3.html#amazons3-resources-for-iam-policies>"],
      "Condition": {
        "<condition operator, e.g. StringEquals>": {
          "<condition key, see https://docs.aws.amazon.com/AmazonS3/latest/dev/list_amazons3.html#amazons3-policy-keys>": "<value>"
        }
      }
    }
  ]
}
Let's write a policy which denies access to an S3 bucket from a specific VPC. Below are the IDs specific to my account:
vpc: vpc-e510649d
Buckets: qts3forlearning
Note that this VPC should still have access to the other buckets.
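One way to express that policy, as an added example that is not the post's own code: Python builds the deny-from-VPC bucket policy for qts3forlearning and vpc-e510649d (the IDs above), then runs a deliberately simplified local evaluator over it to confirm the deny matches only that bucket and only from that VPC. The evaluator is my own approximation (resource wildcards plus StringEquals, nothing else), not the IAM engine; the condition key aws:SourceVpc is only present on requests that reach S3 through a VPC endpoint.

```python
import json
from fnmatch import fnmatchcase

# IDs from the post; the policy shape and the evaluator are this example's own.
VPC_ID = "vpc-e510649d"
BUCKET = "qts3forlearning"

def build_deny_from_vpc_policy(bucket: str, vpc_id: str) -> dict:
    """Deny every S3 action on one bucket and its objects when the request
    comes through the given VPC. Other buckets are unaffected: a bucket
    policy only governs the bucket it is attached to."""
    return {
        "Version": "2012-10-17",
        "Id": "DenyAccessFromSpecificVpc",
        "Statement": [{
            "Sid": "DenyFromVpc",
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:*",
            "Resource": [
                f"arn:aws:s3:::{bucket}",    # bucket-level calls (ListBucket)
                f"arn:aws:s3:::{bucket}/*",  # object-level calls (GetObject, ...)
            ],
            # aws:SourceVpc exists only on requests that arrive through a VPC
            # endpoint for S3; a request without the key never matches this deny.
            "Condition": {"StringEquals": {"aws:SourceVpc": vpc_id}},
        }],
    }

def deny_applies(policy: dict, resource_arn: str, request_context: dict) -> bool:
    """Simplified local evaluator: does any Deny statement match this resource
    and context? Models resource wildcards and StringEquals only; an absent
    context key does not satisfy the condition, as in IAM."""
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Deny":
            continue
        resources = stmt["Resource"]
        if isinstance(resources, str):
            resources = [resources]
        if not any(fnmatchcase(resource_arn, pattern) for pattern in resources):
            continue
        equals = stmt.get("Condition", {}).get("StringEquals", {})
        if all(request_context.get(k) == v for k, v in equals.items()):
            return True
    return False

if __name__ == "__main__":
    print(json.dumps(build_deny_from_vpc_policy(BUCKET, VPC_ID), indent=2))
```

Because the statement is an explicit Deny with "Principal": "*", it also applies to the bucket owner's own requests from inside that VPC; keep the Resource list limited to the one bucket so nothing else is affected.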