A policy that denies any access to the S3 bucket that is not encrypted in-transit (uses HTTP instead of HTTPS).
CloudFormationTerraformAWS CLI
By Implementation
Service Control PoliciesConfig RulesAuto Remediation RulesConformance PacksAmazon GuardDutyAmazon InspectorAWS Security HubNetwork FirewallAmazon MacieBilling and Cost ManagementS3 Bucket PoliciesCloudWatch Alarms and Event RulesLogging & Monitoring ConfigurationsAWS WAFBackups & DRAWS Systems ManagerSecurity Groups & NACLsAWS KMSIAM Policies
By Service Protected
Configuration Packages
Strategy Guides
By Service Protected
By Implementation
Service Control Policies
Config Rules
Auto Remediation Rules
Conformance Packs
Amazon GuardDuty
Amazon Inspector
AWS Security Hub
Network Firewall
Amazon Macie
Billing and Cost Management
S3 Bucket Policies
CloudWatch Alarms and Event Rules
Logging & Monitoring Configurations
AWS WAF
Backups & DR
AWS Systems ManagerSecurity Groups & NACLs
AWS KMS
IAM PoliciesConfiguration Packages
Strategy Guides
S3 Bucket Policies
A repository of AWS S3 Bucket policy templates and examples including customizable CloudFormation and AWS CLI scripts.
S3
A policy that denies an S3 bucket or any uploaded object with the attribute x-amz-acl having the values public-read, public-read-write, or authenticated-read. This means authenticated users cannot change the bucket's policy to public read or upload objects to the bucket if the objects have public permissions.
CloudFormationTerraformAWS CLI
A policy that grants permissions to any user to perform any Amazon S3 operations on objects in the specified bucket. However, the request must originate from the range of IP addresses specified in the condition.
CloudFormationTerraformAWS CLI
A policy that allows s3:GetObject permission with a condition, using the aws:referer key, that the get request must originate from specific webpages.
CloudFormationTerraformAWS CLI
A policy that denies any Amazon S3 operation on the bucket if the request is not MFA authenticated.
CloudFormationTerraformAWS CLI
A policy that denies any requests to read objects in an S3 bucket that don't come from a specific Cloudfront distribution. You must specify the canonical user ID for your CloudFront distribution's origin access identity.
CloudFormationTerraformAWS CLI
A policy that grants the s3:GetObject permission to any public anonymous user.
CloudFormationTerraformAWS CLI
An S3 Bucket policy grants access to AWS Config to store its history files and snapshots on the S3 bucket.
CloudFormationTerraformAWS CLI
An S3 Bucket policy grants access to AWS CloudTrail to deliver log files to the S3 bucket.
CloudFormationTerraformAWS CLI
An S3 Bucket policy grants access to AWS Config and AWS CloudTrail to deliver log files to the S3 bucket.
CloudFormationTerraformAWS CLI
An S3 Bucket policy that denies all access to the bucket if the specified VPC is not being used to access the S3 bucket.
CloudFormationTerraformAWS CLI
An S3 Bucket policy that denies all access to the bucket if the specified VPC endpoint is not being used to access the S3 bucket.
CloudFormationTerraformAWS CLI
An S3 Bucket policy that allows all AWS accounts that belong to the specified AWS organization access to read all objects in the S3 bucket.
CloudFormationTerraformAWS CLI
An S3 Bucket policy that grants permissions to specific IAM users to perform any Amazon S3 operations on objects in the specified bucket, and denies all other IAM principals.
CloudFormationTerraformAWS CLI
An S3 Bucket policy that grants permissions to a specific IAM roles to perform any Amazon S3 operations on objects in the specified bucket, and denies all other IAM principals.
CloudFormationTerraformAWS CLI