- Newest
- Most votes
- Most comments
Yes, you can create an IAM policy that allows the user to delete files and folders under the three specific directories, but denies the user from deleting the three main folders. Here's an example policy that you can modify to fit your specific requirements:
{ "Version": "2012-10-17", "Statement": [ { "Sid": "AllowDeletingUnderSpecificDirectories", "Effect": "Allow", "Action": [ "s3:DeleteObject", "s3:DeleteObjectVersion", "s3:DeleteObjectTagging" ], "Resource": [ "arn:aws:s3:::<your-bucket>/Public/", "arn:aws:s3:::<your-bucket>/Archive/", "arn:aws:s3:::<your-bucket>/Error/" ] }, { "Sid": "DenyDeletingMainFolders", "Effect": "Deny", "Action": [ "s3:DeleteBucket", "s3:DeleteBucketPolicy", "s3:DeleteBucketWebsite", "s3:DeleteBucketTagging", "s3:DeleteBucketAnalyticsConfiguration", "s3:DeleteBucketEncryption", "s3:DeleteBucketInventoryConfiguration", "s3:DeleteBucketLifecycle", "s3:DeleteBucketMetricsConfiguration", "s3:DeleteBucketReplication", "s3:DeleteBucketPublicAccessBlock", "s3:DeleteAccessPoint", "s3:DeleteJobTagging" ], "Resource": [ "arn:aws:s3:::<your-bucket>", "arn:aws:s3:::<your-bucket>/" ], "Condition": { "StringEquals": { "s3:prefix": [ "Public/", "Archive/", "Error/" ] } } } ] }
Relevant content
- asked 7 months ago
- asked 3 years ago
- asked 3 years ago
AWS OFFICIALUpdated a year ago- AWS OFFICIALUpdated 3 years ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 9 months ago
