configurations/IAM/user_deny_explicitly_all_excluding_bucket.json

25 lines
613 B
JSON

{
"Statement": [
{
"NotResource": [
"arn:aws:s3:::bucket-name/*",
"arn:aws:s3:::bucket-name"
],
"Action": [
"s3:ListBucket",
"s3:GetBucketLocation",
"s3:ListBucketMultipartUploads"
],
"Effect": "Deny"
},
{
"NotResource": [
"arn:aws:s3:::bucket-name/*",
"arn:aws:s3:::bucket-name"
],
"Action": "s3:*",
"Effect": "Deny"
}
],
"Version": "2012-10-17"
}