IAM Policies

Limits Managing to a Specific S3 Bucket and Denies All Other Actions.

An IAM policy that limits S3 management to one specific bucket: it allows all S3 actions on that bucket, but explicitly denies access to every AWS service except Amazon S3. This policy also denies access to actions that can't be performed on an S3 bucket, such as s3:ListAllMyBuckets or s3:GetObject. This policy provides the permissions necessary to complete this action using the AWS API or AWS CLI only.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": "s3:*",
            "Resource": [
                "arn:aws:s3:::<bucket-name>",
                "arn:aws:s3:::<bucket-name>/*"
            ],
            "Effect": "Allow"
        },
        {
            "NotAction": "s3:*",
            "NotResource": [
                "arn:aws:s3:::<bucket-name>",
                "arn:aws:s3:::<bucket-name>/*"
            ],
            "Effect": "Deny"
        }
    ]
}
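The added example below (not part of the original template) models how the Allow and Deny statements combine for a few requests, first with this policy alone and then alongside a second attached policy. It assumes the Deny statement carries NotAction "s3:*", uses the constructed bucket name example-bucket and a constructed BROAD_ALLOW policy, and ignores conditions, SCPs, permissions boundaries and resource-based policies.

```python
import re

BUCKET = "example-bucket"  # constructed placeholder, not from the page
ARNS = [f"arn:aws:s3:::{BUCKET}", f"arn:aws:s3:::{BUCKET}/*"]
POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "s3:*", "Resource": ARNS},
    # Assumption: the Deny statement excludes S3 via NotAction.
    {"Effect": "Deny", "NotAction": "s3:*", "NotResource": ARNS},
]}
# Constructed second policy standing in for any broad grant attached later.
BROAD_ALLOW = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["s3:*", "ec2:*"], "Resource": "*"},
]}

def _match(patterns, value, ignore_case=False):
    """True if value matches any pattern; '*' and '?' are IAM wildcards."""
    patterns = [patterns] if isinstance(patterns, str) else patterns
    flags = re.IGNORECASE if ignore_case else 0
    return any(
        re.fullmatch(re.escape(p).replace(r"\*", ".*").replace(r"\?", "."),
                     value, flags)
        for p in patterns)

def _applies(stmt, action, resource):
    """A statement applies when both its action and resource clauses match."""
    if "Action" in stmt:
        act = _match(stmt["Action"], action, ignore_case=True)
    else:
        act = not _match(stmt["NotAction"], action, ignore_case=True)
    if "Resource" in stmt:
        res = _match(stmt["Resource"], resource)
    else:
        res = not _match(stmt["NotResource"], resource)
    return act and res

def evaluate(policies, action, resource):
    """Return 'explicit-deny', 'allow' or 'implicit-deny' for one request."""
    effects = {s["Effect"] for p in policies for s in p["Statement"]
               if _applies(s, action, resource)}
    if "Deny" in effects:
        return "explicit-deny"
    return "allow" if "Allow" in effects else "implicit-deny"

if __name__ == "__main__":
    obj, other = f"arn:aws:s3:::{BUCKET}/report.csv", "arn:aws:s3:::other-bucket/x"
    for pols, label in (([POLICY], "alone"), ([POLICY, BROAD_ALLOW], "plus broad allow")):
        for action, res in (("s3:PutObject", obj), ("s3:GetObject", other),
                            ("s3:ListAllMyBuckets", "*"), ("ec2:DescribeInstances", "*")):
            print(f"{label:17} {action:22} {res:38} {evaluate(pols, action, res)}")
```

In this model, non-S3 requests stay explicitly denied whatever else is attached, while S3 requests outside the bucket are only implicitly denied and so follow whatever other attached policies allow.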
