I have a specific folder in my bucket that I would like to restrict to only certain file types. I currently have the following:
{
"Version": "2012-10-17",
"Id": "Policy1464968545158",
"Statement": [
{
"Sid": "Stmt1464968483619",
"Effect": "Deny",
"Principal": "*",
"Action": "s3:PutObject",
"Resource": [
"arn:aws:s3:::my-bucket/my-folder/*"
]
"Condition": {
"StringNotEquals": {
"s3:prefix": ".txt",
"s3:prefix": ".doc"
}
},
}
]
}
I need something to replace s3:prefix so that instead of looking at the beginning of the file and path, the system is looking at the end. I tried s3:suffix, but this isn't a valid property.
Is there a S3 property that does a wildcard search at the end of the file name so I can whitelist only certain file types for my folder?
You should be able to define it in the Resource using wildcard. Use Effect: Allow if you want folder to be restricted to .txt and .doc only.
{
"Version": "2012-10-17",
"Id": "Policy1464968545158",
"Statement": [
{
"Sid": "Stmt1464968483619",
"Effect": "Allow",
"Principal": "*",
"Action": "s3:PutObject",
"Resource": [
"arn:aws:s3:::my-bucket/my-folder/*.doc",
"arn:aws:s3:::my-bucket/my-folder/*.txt"
]
}
]
}