A list of S3 bucket policies that help protect S3 buckets. All policies can be customized and combined to create templates that can be deployed using CloudFormation or AWS CLI..
A policy that denies an S3 bucket or any uploaded object with the attribute x-amz-acl having the values public-read, public-read-write, or authenticated-read. This means authenticated users cannot change the bucket's policy to public read or upload objects to the bucket if the objects have public permissions.
A policy that grants permissions to any user to perform any Amazon S3 operations on objects in the specified bucket. However, the request must originate from the range of IP addresses specified in the condition.
A policy that denies any requests to read objects in an S3 bucket that don't come from a specific Cloudfront distribution. You must specify the canonical user ID for your CloudFront distribution's origin access identity.
An S3 Bucket policy that grants permissions to specific IAM users to perform any Amazon S3 operations on objects in the specified bucket, and denies all other IAM principals.
An S3 Bucket policy that grants permissions to a specific IAM roles to perform any Amazon S3 operations on objects in the specified bucket, and denies all other IAM principals.