Links
S3 VPC endpoint
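Bucket policy

Every statement below is an explicit Deny, so the policy grants no access by itself; it only narrows what identity policies allow. Two points to check before applying it. The `Access-to-specific-VPCE-only` statement denies `s3:*` for any request that does not arrive through the listed VPC endpoint, which includes console sessions and later edits to this bucket policy, so test it on a non-production bucket first. The `Deny-AWS-Account` statement compares `aws:principaltype` with an account placeholder; that key holds values such as `Account`, `User` or `AssumedRole`, so with an account ID in place the comparison never matches and `s3:Get*` is denied to every caller. If the intent was to restrict reads to one account, `aws:PrincipalAccount` is the key that carries the account ID.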
{
"Version":"2012-10-17",
"Id": "Policy1415115909152",
"Statement": [
{
"Sid": "Deny-insecure-transport",
"Principal": "*",
"Action": "s3:*",
"Effect": "Deny",
"Resource": ["arn:aws:s3:::amzn-s3-demo-bucket",
"arn:aws:s3:::amzn-s3-demo-bucket/*"],
"Condition": {
"Bool": {
"aws:SecureTransport": "false"
}
}
},
{
"Sid": "Deny-post-and-presigned-requests",
"Principal": "*",
"Action": "s3:GetObject",
"Effect": "Deny",
"Resource": ["arn:aws:s3:::amzn-s3-demo-bucket/*"],
"Condition": {
"StringNotEquals": {
"s3:authType": "REST-HEADER"
}
}
},
{
"Sid": "Deny-If-Principal-Type-Is-Null",
"Principal": "*",
"Action": "s3:*",
"Effect": "Deny",
"Resource": ["arn:aws:s3:::amzn-s3-demo-bucket",
"arn:aws:s3:::amzn-s3-demo-bucket/*"],
"Condition": {
"Null": {
"aws:principaltype": "true"
}
}
},
{
"Sid": "Deny-If-Principal-Type-Is-Anonymous",
"Principal": "*",
"Action": "s3:*",
"Effect": "Deny",
"Resource": ["arn:aws:s3:::amzn-s3-demo-bucket",
"arn:aws:s3:::amzn-s3-demo-bucket/*"],
"Condition": {
"StringLike": {
"aws:principaltype": "Anonymous"
}
}
},
{
"Sid": "Deny-AWS-Account",
"Principal": "*",
"Action": "s3:Get*",
"Effect": "Deny",
"Resource": ["arn:aws:s3:::amzn-s3-demo-bucket",
"arn:aws:s3:::amzn-s3-demo-bucket/*"],
"Condition": {
"StringNotEquals": {
"aws:principaltype": "<your-aws-account>"
}
}
},
{
"Sid": "Access-to-specific-VPCE-only",
"Principal": "*",
"Action": "s3:*",
"Effect": "Deny",
"Resource": ["arn:aws:s3:::amzn-s3-demo-bucket",
"arn:aws:s3:::amzn-s3-demo-bucket/*"],
"Condition": {
"StringNotEquals": {
"aws:SourceVpce": "vpce-0abcdef1234567890"
}
}
}
]
}