AWS IAM Policy to Provide Specific S3 Bucket and Folder Permission

To grant a user access to a specific folder in your Amazon S3 bucket, use the IAM policy below, replacing `<Bucket-name>` with the name of your bucket:

 1{
 2    "Version": "2012-10-17",
 3    "Statement": [
 4        {
 5            "Sid": "VisualEditor0",
 6            "Effect": "Allow",
 7            "Action": "s3:GetBucketLocation",
 8            "Resource": "arn:aws:s3:::*"
 9        },
10        {
11            "Sid": "VisualEditor1",
12            "Effect": "Allow",
13            "Action": "s3:ListBucket",
14            "Resource": "arn:aws:s3:::<Bucket-name>",
15            "Condition": {
16                "StringEquals": {
17                    "s3:prefix": [
18                        "",
19						"test-folder/",
20                        "test-folder/sub-test-folder"
21                    ],
22                    "s3:delimiter": "/"
23                }
24            }
25        },
26        
27        {
28            "Sid": "VisualEditor2",
29            "Effect": "Allow",
30            "Action": "s3:ListBucket",
31            "Resource": "arn:aws:s3:::<Bucket-name>",
32            "Condition": {
33                "StringLike": {
34                    "s3:prefix": "test-folder/sub-test-folder/*"
35                }
36            }
37        },
38        {
39            "Sid": "VisualEditor3",
40            "Effect": "Allow",
41            "Action": "s3:ListAllMyBuckets",
42            "Resource": "arn:aws:s3:::*"
43        },
44        {
45            "Sid": "VisualEditor4",
46            "Effect": "Allow",
47            "Action": "s3:*Object",
48            "Resource": [
49                "arn:aws:s3:::<Bucket-name>/test-folder/sub-test-folder/*"
50            ]
51        }
52    ]
53}

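Note: Instead of the wildcard `s3:*Object`, you can list specific object-level permissions (for example `s3:GetObject` and `s3:PutObject`). The wildcard matches every S3 action whose name ends in `Object`, including `s3:DeleteObject`, so naming only the actions the user needs keeps the policy closer to least privilege.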

I ❤ AWS! Happy Cloud Computing! 🧑‍💻 Enjoy #Cloudkaramchari