Hello,
I have some S3 bucket that has a lifecycle, after 30 days they change the storage class to Glacier. Once they are in Glacier, I need to prevent them from being accidentally deleted by specific users, that is, only one user group (group A) could delete and another group not (group B).
I was trying some policies: I can prevent group B from deleting files:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Deny",
"Action": [
"s3: DeleteObject"
],
"Resource": "arn: aws: s3 ::: XXXXXXXXXXXXXXX / *"
}
]
}
With this policy, they cannot delete any files regardless of what type of storage the data are in. I want to prevent them from deleting when lifecycle changes to GLACIER, but when storage is STANDARD, I want to allow users to delete.
How can I make a user group allowed to delete or not according to the type of storage?