By using AWS re:Post, you agree to the Terms of Use
/Cloudformation - Check if S3 folder exists and apply policy to the specific folder/

Cloudformation - Check if S3 folder exists and apply policy to the specific folder

0

Hello: I am writing a cloudformation template to create an S3 bucket. This S3 bucket can have multiple folders created programmatically. So I want to apply a bucket policy that checks if a specific folder exists and allow only specific file types. For ex, if there is an S3 bucket called 'my-test-s3' with nested folders /folder1/folder2/pdf, I want to check if the folder 'pdf' exists. If it does, only allow for file types of *.pdf in this folder. How do I write the bucket policy for this using cloudformation template? I tried this below. However, this prevents creation of any folders inside my 'S3Bucket'. I am looking for some guidance on this.

Sid: Stmt1631632005699 Effect: Deny Principal: AWS: !Sub 'arn:aws:iam::${AWS::AccountId}:root/' Action: - 's3:PutObject' NotResource: - !Sub arn:aws:s3:::${S3Bucket}///pdf/*.pdf

1 Answers
0
Accepted Answer

Something like this:

{
  "Id": "Policy1649706507409",
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Stmt1649706435908",
      "Action": [
        "s3:PutObject"
      ],
      "Effect": "Allow",
      "Resource": "arn:aws:s3:::mybucket/*.pdf",
      "Condition": {
        "StringLike": {
          "s3:prefix": "pdf/"
        }
      },
      "Principal": "*"
    },
    {
      "Sid": "Stmt1649706506153",
      "Action": [
        "s3:PutObject"
      ],
      "Effect": "Deny",
      "NotResource": "arn:aws:s3:::mybucket/*.pdf",
      "Condition": {
        "StringLike": {
          "s3:prefix": "pdf/"
        }
      },
      "Principal": "*"
    }
  ]
}
EXPERT
answered 3 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions