Can we allow getObject with bucket policy using "Effect": "Deny" and condition

0

My policy role is below JSON format code

{ "Version": "2008-10-17", "Statement": [ { "Sid": "AllowPublicRead", "Effect": "Deny", "Principal": { "AWS": "" }, "Action": [ "s3:GetObject", "s3:PutObject", "s3:ListBucket" ], "Resource": [ "arn:aws:s3:::ABC_123", "arn:aws:s3:::ABC_123/" ], "Condition": { "StringNotLike": { "aws:Referer": [ "http://www.training.sedarspine.com/", "http://training.sedarspine.com/", "https://www.training.sedarspine.com/", "https://training.sedarspine.com/", "https://sedarspine.com/", "https://www.sedarspine.com/", "https://burtlan.sedarspine.com/", "https://www.burtlan.sedarspine.com/", "https://sedarglobal.com/", "https://www.sedarglobal.com/", "https://live.sedarglobal.com/", "https://www.live.sedarglobal.com/", "http://live.sedarglobal.com/", "http://www.live.sedarglobal.com/", "https://test.sedarglobal.com/", "https://www.test.sedarglobal.com/", "http://localspine.com/", "https://localspine.com/", "http://www.localspine.com/", "https://login.burtlan.com/", "https://sc.sedarglobal.com/", "http://sc.sedarglobal.com/", "https://spinebusiness.com/", "http://spinebusiness.com/", "http://localburtlan.com/", "http://pre.sedarglobal.com/", "https://pre.sedarglobal.com/", "https://localspine.test/", "http://132.1.0.105:3000/", "http://dxb.sedarspine.com/", "https://dxb.sedarspine.com/", "https://sedaruae.homeip.net/", "http://localhost:3000/" ] } } }, { "Sid": "AllowPublicRead-1", "Effect": "Allow", "Principal": "", "Action": [ "s3:GetObject", "s3:PutObject", "s3:ListBucket" ], "Resource": [ "arn:aws:s3:::ABC_123", "arn:aws:s3:::ABC_123/*" ] } ] }

asked 2 months ago11 views
No Answers

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions