
S3 Bucket upload restriction based on file name and extension


Please check this JSON bucket policy and let me know what is wrong: every upload is denied. I need a policy under which only certain types of files can be uploaded by users through the console.

{
"Version": "2012-10-17",
"Id": "Policy1657799010112",
"Statement": [
    {
        "Sid": "Stmt1657798687256",
        "Effect": "Allow",
        "Principal": "*",
        "Action": "s3:PutObject",
        "Resource": "arn:aws:s3:::testbucketforuploadlimitation/Retailer1/Latest/*.gz"
    },
    {
        "Sid": "Stmt1657798734526",
        "Effect": "Allow",
        "Principal": "*",
        "Action": "s3:PutObject",
        "Resource": "arn:aws:s3:::testbucketforuploadlimitation/Retailer2/Latest/Dollar/*.xlsx"
    },
    {
        "Sid": "Stmt1657798779527",
        "Effect": "Allow",
        "Principal": "*",
        "Action": "s3:PutObject",
        "Resource": "arn:aws:s3:::testbucketforuploadlimitation/Retailer2/Latest/Unit/*.xlsx"
    },
    {
        "Sid": "Stmt1657798829858",
        "Effect": "Allow",
        "Principal": "*",
        "Action": "s3:PutObject",
        "Resource": "arn:aws:s3:::testbucketforuploadlimitation/Retailer3/Latest/*.xlsx"
    },
    {
        "Sid": "Stmt1657798856041",
        "Effect": "Allow",
        "Principal": "*",
        "Action": "s3:PutObject",
        "Resource": "arn:aws:s3:::testbucketforuploadlimitation/Retailer4/Latest/*.gz"
    },
    {
        "Sid": "Stmt1657798882635",
        "Effect": "Allow",
        "Principal": "*",
        "Action": "s3:PutObject",
        "Resource": "arn:aws:s3:::testbucketforuploadlimitation/Retailer5/Latest/*.gz"
    },
    {
        "Sid": "Stmt1657798905766",
        "Effect": "Allow",
        "Principal": "*",
        "Action": "s3:PutObject",
        "Resource": "arn:aws:s3:::testbucketforuploadlimitation/Retailer6/Latest/TY/*.xlsx"
    },
    {
        "Sid": "Stmt1657798926711",
        "Effect": "Allow",
        "Principal": "*",
        "Action": "s3:PutObject",
        "Resource": "arn:aws:s3:::testbucketforuploadlimitation/Retailer6/Latest/YA/*.xlsx"
    },
    {
        "Sid": "Stmtdeny1657798687256",
        "Effect": "Deny",
        "Principal": "*",
        "Action": "s3:PutObject",
        "NotResource": "arn:aws:s3:::testbucketforuploadlimitation/Retailer1/Latest/*.gz"
    },
    {
        "Sid": "Stmtdeny1657798734526",
        "Effect": "Deny",
        "Principal": "*",
        "Action": "s3:PutObject",
        "NotResource": "arn:aws:s3:::testbucketforuploadlimitation/Retailer2/Latest/Dollar/*.xlsx"
    },
    {
        "Sid": "Stmtdeny1657798779527",
        "Effect": "Deny",
        "Principal": "*",
        "Action": "s3:PutObject",
        "NotResource": "arn:aws:s3:::testbucketforuploadlimitation/Retailer2/Latest/Unit/*.xlsx"
    },
    {
        "Sid": "Stmtdeny1657798829858",
        "Effect": "Deny",
        "Principal": "*",
        "Action": "s3:PutObject",
        "NotResource": "arn:aws:s3:::testbucketforuploadlimitation/Retailer3/Latest/*.xlsx"
    },
    {
        "Sid": "Stmtdeny1657798856041",
        "Effect": "Deny",
        "Principal": "*",
        "Action": "s3:PutObject",
        "NotResource": "arn:aws:s3:::testbucketforuploadlimitation/Retailer4/Latest/*.gz"
    },
    {
        "Sid": "Stmtdeny1657798882635",
        "Effect": "Deny",
        "Principal": "*",
        "Action": "s3:PutObject",
        "NotResource": "arn:aws:s3:::testbucketforuploadlimitation/Retailer5/Latest/*.gz"
    },
    {
        "Sid": "Stmtdeny1657798905766",
        "Effect": "Deny",
        "Principal": "*",
        "Action": "s3:PutObject",
        "NotResource": "arn:aws:s3:::testbucketforuploadlimitation/Retailer6/Latest/TY/*.xlsx"
    },
    {
        "Sid": "Stmtdeny1657798926711",
        "Effect": "Deny",
        "Principal": "*",
        "Action": "s3:PutObject",
        "NotResource": "arn:aws:s3:::testbucketforuploadlimitation/Retailer6/Latest/YA/*.xlsx"
    }
]

}

I also need suggestions on restricting uploads by file name. For example, a pattern such as Sales_*.gz should allow every file whose name starts with Sales_ and ends in .gz, e.g. Sales_14072022.gz.

Thanks


Solution

  • I have solved this on my own. The original policy failed because each Deny statement used a single NotResource pattern, so every statement denied any key that did not match its own pattern; no key can match all patterns at once, so every upload hit at least one Deny. Merging all allowed patterns into one Resource list and one NotResource list fixes this.

    {
        "Version": "2012-10-17",
        "Id": "Policy1657799010112",
        "Statement": [{
            "Sid": "Stmt1657798687256",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:PutObject",
            "Resource": [
                "arn:aws:s3:::testbucketforuploadlimitation/Retailer 1/Latest/Start*.gz",
                "arn:aws:s3:::testbucketforuploadlimitation/Retailer 2/Latest/Dollar/TrendedDetails-Dollar*.xlsx",
                "arn:aws:s3:::testbucketforuploadlimitation/Retailer 2/Latest/Unit/TrendedDetails-Unit*.xlsx",
                "arn:aws:s3:::testbucketforuploadlimitation/Retailer 3/Latest/0*.xlsx",
                "arn:aws:s3:::testbucketforuploadlimitation/Retailer 3/Latest/1*.xlsx",
                "arn:aws:s3:::testbucketforuploadlimitation/Retailer 4/Latest/Start*.gz",
                "arn:aws:s3:::testbucketforuploadlimitation/Retailer 5/Latest/Start*.gz",
                "arn:aws:s3:::testbucketforuploadlimitation/Retailer 6/Latest/TY/Start*.xlsx",
                "arn:aws:s3:::testbucketforuploadlimitation/Retailer 6/Latest/YA/Start*.xlsx"
            ]
        },
        {
            "Sid": "Stmt1657798687256",
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:PutObject",
            "NotResource": [
                "arn:aws:s3:::testbucketforuploadlimitation/Retailer 1/Latest/Start*.gz",
                "arn:aws:s3:::testbucketforuploadlimitation/Retailer 2/Latest/Dollar/TrendedDetails-Dollar*.xlsx",
                "arn:aws:s3:::testbucketforuploadlimitation/Retailer 2/Latest/Unit/TrendedDetails-Unit*.xlsx",
                "arn:aws:s3:::testbucketforuploadlimitation/Retailer 3/Latest/0*.xlsx",
                "arn:aws:s3:::testbucketforuploadlimitation/Retailer 3/Latest/1*.xlsx",
                "arn:aws:s3:::testbucketforuploadlimitation/Retailer 4/Latest/Start*.gz",
                "arn:aws:s3:::testbucketforuploadlimitation/Retailer 5/Latest/Start*.gz",
                "arn:aws:s3:::testbucketforuploadlimitation/Retailer 6/Latest/TY/Start*.xlsx",
                "arn:aws:s3:::testbucketforuploadlimitation/Retailer 6/Latest/YA/Start*.xlsx"
            ]
        }]
    }
    

    I used this, and only files whose names match the patterns I specified can be added to their particular folders. Note that the two statements above share the same Sid; Sid values must be unique within a policy, so give the Deny statement its own Sid.