By Implementation

Service Control PoliciesConfig RulesAuto Remediation RulesConformance PacksAmazon GuardDutyAmazon InspectorAWS Security HubAWS Network FirewallRoute53 Resolver SecurityAmazon MacieS3 Bucket PoliciesCloudWatch Alarms and Event RulesAWS WAFAWS Secrets ManagerAWS Systems ManagerSecurity Groups & NACLsAWS KMSIAM PoliciesVPC Endpoint PoliciesAmazon ECRRDS Event Subscriptions

By Service Protected

Configuration Packages

Strategy Guides

Other

IAM Policies

Allow users to only drop files to a specific folder within an S3 bucket.

An IAM policy that allows write access to a specific folder within an S3 bucket. This policy provides the permissions necessary to complete this action using the AWS API or AWS CLI only.

Premium: 15-minute comprehensive assessment for your AWS Organization and Accounts
Missing Parameters
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": "s3:PutObject",
            "Resource": [
                "arn:aws:s3:::arn:aws:s3:::/FOLDER-PATH/*"
            ],
            "Effect": "Allow"
        },
        {
            "Resource": [
                "arn:aws:s3:::arn:aws:s3:::/FOLDER-PATH/*"
            ],
            "Effect": "Deny",
            "NotAction": "s3:PutObject"
        },
        {
            "Action": "s3:*",
            "NotResource": [
                "arn:aws:s3:::arn:aws:s3:::/FOLDER-PATH/*"
            ],
            "Effect": "Deny"
        }
    ]
}

Actions



Customize Template

Policy Parameters

* Required field