Syntax of a s3 bucket policy to wildcard SourceArn condition

Question

This is the format of a bucket policy generated with a CloudFront using origin access:

```
        {
            "Effect": "Allow",
            "Principal": {
                "Service": "cloudfront.amazonaws.com"
            },
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::something-s3bucketroot-something/*",
            "Condition": {
                "StringEquals": {
                    "AWS:SourceArn": "arn:aws:cloudfront::0123456789:distribution/ABCDEFGHI"
                }
            }
        }
```
Is there a way to wildcard the SourceArn to allow for any distributions from the account?
I tried "StringLike" and left off the distribution ID but that didn't seem to work.
Alternatively, if that's not possible, is there a way to use an OR condition on multiple values on the conditional?

Accepted Answer

Yes this works. You need to use splat (wildcard)

`"AWS:SourceArn": "arn:aws:cloudfront::0123456789:distribution/*" `

Syntax of a s3 bucket policy to wildcard SourceArn condition

相關內容