S3 Bucket Policies

•

1 like•446 views

Jiří Pihík

Amazon S3 bucket policies starter & overview.

Technology

S3 Bucket Policies
Jiri Pihik
Identity Management, Automation

Users
Instances
Services
Metadata
Configuration
Security
Data
Data read-only
S3 bucket layered permissions
Bucket policy

Metadata
Configuration
Security
Data
Data read-only
~ 46 permissions to define S3 bucket access
s3:PutBucketCORS
s3:PutBucketVersioning
s3:PutBucketWebsite
s3:DeleteBucketWebsite
s3:GetLifecycleConfiguration
s3:PutLifecycleConfiguration
s3:PutReplicationConfiguration
s3:GetReplicationConfiguration
...

Who are
you?
What IP
do you
have?
Is this right time to
access me?

Who are
you?
What IP
do you
have?
Is this right time to
access me? Which parts of me
you can access?
What can you do
here?
Can you set
lifecycle here?
Are you able to
write content?

Example log
0b0fbd7ab5d1058f35535fec64595ed51f7fa26ef77ac8e5d88230898be92e2f my-corp-
bucket [21/Jan/2016:12:47:32 +0000] 125.12.36.95 arn:aws:sts::012345678912:
assumed-role/my-role/pihik 9E15D396E0071675 REST.PUT.OBJECT report.html
"PUT /report.html HTTP/1.1" 200 - - 5134 457 6 "-" "aws-cli/1.9.21 Python/2.7.11
Windows/7 botocore/1.3.21" -
aws-cli s3 upload object

Use cases
● Prevent unauthorized access to your S3 resources
● Enables you to store application configs, secrets in S3 bucket
● Enables development for 3rd parties
● Ensure only users from corp network can access your S3 resources
● S3 static websites
● Enables fine-grained permissions inside bucket - one folder for public access,
another one for internal assets
● Improve your compliance level

{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"s3:PutObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::my-corp-bucket/reports/*.pdf",
"Condition": {
"IpAddress": {
"aws:SourceIp": "108.72.209.118"
}
}
}
]
}
3rd party vendor access

{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Deny",
"Principal": "*",
"Action": "s3:*",
"Resource": "arn:aws:s3:::corp-bucket/tools/*",
"Condition": {
"NotIpAddress": {
"aws:SourceIp": [
"125.10.15.0/16",
"125.12.36.95",
"10.0.0.0/24"
]
}
}
}
]
}
restricted access only to corp network

How to read that crazy stuff?!
Deny all S3 actions
on specified resource
IF
ip address IS NOT 125.x.x.x

"Condition" : {
"DateGreaterThan" : {
"aws:CurrentTime" : "2016-02-09T12:00:00Z"
},
"DateLessThan": {
"aws:CurrentTime" : "2016-02-09T15:00:00Z"
},
"IpAddress" : {
"aws:SourceIp" : ["192.0.2.0/24", "203.0.113.0/24"]
}
}
Limited 3rd party bucket access
IP address AND specific time range

{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Deny",
"Principal": "*",
"Action": "s3:*",
"Resource": "arn:aws:s3:::my-corp-bucket/finance/*",
"Condition": {
"Null": {
"aws:MultiFactorAuthAge": true
}
}
},
{
"Effect": "Allow",
"Principal": "*",
"Action": [
"s3:GetObject"
],
"Resource": "arn:aws:s3:::my-corp-bucket/public/*"
}
]
}
require MFA for sensitive data access
folder /public is accessible via internet

Similar to S3 Bucket Policies

(SEC402) Intrusion Detection in the Cloud | AWS re:Invent 2014

Amazon Web Services

You can now build event-driven applications using Amazon S3 Event Notifications that trigger when objects are transitioned or expired (deleted) with S3 Lifecycle, or moved within the S3 Intelligent-Tiering storage class to its Archive Access or Deep Archive Access tiers. You can also trigger S3 Event Notifications for any changes to object tags or access control lists (ACLs). You can generate these new notifications for your entire bucket, or for a subset of your objects using prefixes or suffixes, and choose to deliver them to Amazon EventBridge, Amazon SNS, Amazon SQS, or an AWS Lambda function.

Amazon s3 adds new s3 event notifications for s3 lifecycle, s3 intelligent ti...

Dhaval Soni

by PD Dutta, Sr. Product Manager, Object Storage, AWS We will explain how to design and build an IoT cloud platform on top of Amazon S3. You will get to review the best practices for architecting a cost-effective, durable, and secure storage solution to store and analyze your IoT data on Amazon S3. In addition, we’ll cover how to collect, ingest and analyze the data in-place using different AWS Services such as AWS IoT, Amazon Kinesis, Amazon Athena, and Amazon Redshift Spectrum.

Building a Data Lake on S3 for IoT Workloads

Amazon Web Services

Streaming services allow you to ingest and analyze events continuously in real time. One of Big Data's principles is to store raw data as long as possible - to be able to answer future questions. If the data is permanently stored in Amazon Simple Storage Service (S3), it can be queried at any time with Amazon Athena without spinning up a database. This session shows step by step how the data should be structured so that both costs and response times are reduced when using Athena. The details and effects of compression, partitions, and column storage formats are compared. Finally, AWS Glue is used as a fully managed service for Extract Transform Load (ETL) to derive optimized views from the raw data for frequently issued queries.

Query your data in S3 with SQL and optimize for cost and performance

AWS Germany

Builders' Day - Best Practises for S3 - BL

Amazon Web Services LATAM

Microsoft Azure News - 2018 March

Daniel Toomey

Using CloudTrail to Enhance Compliance and Governance of S3 - AWS Online Tech...

Amazon Web Services

Microsoft Sentinel Deployment V1.pptx

saadatali65

In this session, we'll discuss the new S3 storage class, S3 One Zone-IA, with detailed demos of how to implement and use single AZ storage to reduce the cost of storing recreatable data like backups, disaster recovery copies, or derived analysis. We'll also talk about the new S3 Select feature, now generally available, that help accelerate applications and analytics by filtering data in place in Amazon S3.

SRV208 S3 One Zone-IA and S3 Select GA

Amazon Web Services

On premises compliance archival systems are expensive to maintain, are isolated IT silos, have very inefficient utilization, and are poorly protected from disaster. In AWS, we provide better infrastructure durability, better physical security, lower cost, and richer features for data access. Consider that many data lakes contain medical records, trading records, and other regulated content. The industry now has the opportunity to execute rich analytics against their data while retaining regulatory compliance.

Compliance-Data-Archival

Amazon Web Services

Accelerated Data Lakes Deep Dive Webinar - Paul Macey

Amazon Web Services

Deep Dive on Amazon S3 Security and Management (E2471STG303-R1) - AWS re:Inve...

Amazon Web Services

As your business grows, you gain more and more data. When managed appropriately, you can make this data a strategic asset to your organization. In this session, you'll learn how to use storage management tools for end to end management of your storage, helping you organize, analyze, optimize and protect your data. You'll see how S3 Analytics - Storage Class Analysis helps you set more intelligent Lifecycle Policies to reduce TCO; Object Tagging gives you more management flexibility; Cross-Region Replication provides efficient data movement; Amazon Macie helps you ensure data security; and much more. Then, Paul Fisher, Technical Fellow at Alert Logic, will demonstrate how his organization uses S3 storage management features in their infrastructure.

Deep Dive on Amazon S3 & Amazon Glacier Storage Management - STG311 - re:Inve...

Amazon Web Services

STG311_Deep Dive on Amazon S3 & Amazon Glacier Storage Management

Amazon Web Services

Web scraping in python

Saurav Tomar

With the increasing adoption of DevOps values and practices, customers are struggling with complex administration and availability of their Bitbucket instances. Their biggest blocker? A general lack of understanding of Git and Bitbucket. Join Justin Thomas, Senior Developer for Bitbucket and discover how to design your instance to make optimal use of Git and Bitbucket. You'll explore which metrics to monitor with Bitbucket's built-in capabilities, and best practices for running Bitbucket in AWS.

Bigger, Better Bitbucket: Growing Git with Data Center

Atlassian

(STG401) Amazon S3 Deep Dive & Best Practices

Amazon Web Services

AWS _Course Content.pdf

Multisoft Systems

Understanding Security and Compliance in Microsoft Teams - M365 Saturday Bang...

Chirag Patel

W dzisiejszych czasach powszechną praktyką jest przeprowadzanie okresowych testów bezpieczeństwa lokalnej sieci, jednakże rzadko kiedy właściciele firm decydują się na podobne testy ich środowisk chmurowych. Musimy zrozumieć nowe zagrożenia i ryzyka, które pojawiły się wraz z usługami chmurowymi oraz jak powinniśmy zmienić nasze podejście do ich testowania. Celem mojej prezentacji jest pokazanie konieczności testowania środowiska chmurowego oraz jak bardzo różni się ono od testów środowiska opartego o klasyczną architekturę. W formie dema przedstawię przykładowy atak na firmę wykorzystującą usługi AWS. Wykorzystując podatność w aplikacji webowej, a następnie szereg drobnych zaniedbań w konfiguracji AWS, pokażę jak potencjalny atakujący może krok po kroku przejąć rolę administratora AWS, a następnie usunąć wszystkie dowody swojej aktywności.

PLNOG23 - Paweł Rzepa - Attacking AWS: the full cyber kill chain

PROIDEA

Similar to S3 Bucket Policies (20)

(SEC402) Intrusion Detection in the Cloud | AWS re:Invent 2014

Amazon s3 adds new s3 event notifications for s3 lifecycle, s3 intelligent ti...

Building a Data Lake on S3 for IoT Workloads

Query your data in S3 with SQL and optimize for cost and performance

Builders' Day - Best Practises for S3 - BL

Microsoft Azure News - 2018 March

Using CloudTrail to Enhance Compliance and Governance of S3 - AWS Online Tech...

Microsoft Sentinel Deployment V1.pptx

SRV208 S3 One Zone-IA and S3 Select GA

Compliance-Data-Archival

Accelerated Data Lakes Deep Dive Webinar - Paul Macey

Deep Dive on Amazon S3 Security and Management (E2471STG303-R1) - AWS re:Inve...

Deep Dive on Amazon S3 & Amazon Glacier Storage Management - STG311 - re:Inve...

STG311_Deep Dive on Amazon S3 & Amazon Glacier Storage Management

Web scraping in python

Bigger, Better Bitbucket: Growing Git with Data Center

(STG401) Amazon S3 Deep Dive & Best Practices

AWS _Course Content.pdf

Understanding Security and Compliance in Microsoft Teams - M365 Saturday Bang...

PLNOG23 - Paweł Rzepa - Attacking AWS: the full cyber kill chain

Recently uploaded

What is a good lead in your organisation? Which leads are priority? What happens to leads? When sales and marketing give different answers to these questions, or perhaps aren't sure of the answers at all, frustrations build and opportunities are left on the table. Join us for an illuminating session with Cian McLoughlin, HubSpot Principal Customer Success Manager, as we look at that crucial piece of the customer journey in which leads are transferred from marketing to sales.

04-2024-HHUG-Sales-and-Marketing-Alignment.pptx

HampshireHUG

Data Cloud, More than a CDP by Matt Robison

Anna Loughnan Colquhoun

Boost Fertility New Invention Ups Success Rates.pdf

sudhanshuwaghmare1

[2024]Digital Global Overview Report 2024 Meltwater.pdf

hans926745

Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024

The Digital Insurer

Heather Hedden, Senior Consultant at Enterprise Knowledge, presented “The Role of Taxonomy and Ontology in Semantic Layers” at a webinar hosted by Progress Semaphore on April 16, 2024. Taxonomies at their core enable effective tagging and retrieval of content, and combined with ontologies they extend to the management and understanding of related data. There are even greater benefits of taxonomies and ontologies to enhance your enterprise information architecture when applying them to a semantic layer. A survey by DBP-Institute found that enterprises using a semantic layer see their business outcomes improve by four times, while reducing their data and analytics costs. Extending taxonomies to a semantic layer can be a game-changing solution, allowing you to connect information silos, alleviate knowledge gaps, and derive new insights. Hedden, who specializes in taxonomy design and implementation, presented how the value of taxonomies shouldn’t reside in silos but be integrated with ontologies into a semantic layer. Learn about: - The essence and purpose of taxonomies and ontologies in information and knowledge management; - Advantages of semantic layers leveraging organizational taxonomies; and - Components and approaches to creating a semantic layer, including the integration of taxonomies and ontologies

The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf

Enterprise Knowledge

In an era where artificial intelligence (AI) stands at the forefront of business innovation, Information Architecture (IA) is at the core of functionality. See “There’s No AI Without IA” – (from 2016 but even more relevant today) Understanding and leveraging how Information Architecture (IA) supports AI synergies between knowledge engineering and prompt engineering is critical for senior leaders looking to successfully deploy AI for internal and externally facing knowledge processes. This webinar be a high-level overview of the methodologies that can elevate AI-driven knowledge processes supporting both employees and customers. Core Insights Include: Strategic Knowledge Engineering: Delve into how structuring AI's knowledge base is required to prevent hallucinations, enable contextual retrieval of accurate information. This will include discussion of gold standard libraries of use cases support testing various LLMs and structures and configurations of knowledge base. Precision in Prompt Engineering: Learn the art of crafting prompts that direct AI to deliver targeted, relevant responses, thereby optimizing customer experiences and business outcomes. Unified Approach for Enhanced AI Performance: Explore the intersection of knowledge and prompt engineering to develop AI systems that are not only more responsive but also aligned with overarching business strategies. Guiding Principles for Implementation: Equip yourself with best practices, ethical guidelines, and strategic considerations for embedding these technologies into your business ecosystem effectively. This webinar is designed to empower business and technology leaders with the knowledge to harness the full potential of AI, ensuring their organizations not only keep pace with digital transformation but lead the charge. Join us to map a roadmap to fully leverage Information Architecture (IA) and AI chart a course towards a future where AI is a key pillar of strategic innovation and business success.

EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx

Earley Information Science

CNv6 Instructor Chapter 6 Quality of Service

giselly40

Sara Mae O’Brien Scott and Tatiana Baquero Cakici, Senior Consultants at Enterprise Knowledge (EK), presented “AI Fast Track to Search-Focused AI Solutions” at the Information Architecture Conference (IAC24) that took place on April 11, 2024 in Seattle, WA. In their presentation, O’Brien-Scott and Cakici focused on what Enterprise AI is, why it is important, and what it takes to empower organizations to get started on a search-based AI journey and stay on track. The presentation explored the complexities of enterprise search challenges and how IA principles can be leveraged to provide AI solutions through the use of a semantic layer. O’Brien-Scott and Cakici showcased a case study where a taxonomy, an ontology, and a knowledge graph were used to structure content at a healthcare workforce solutions organization, providing personalized content recommendations and increasing content findability. In this session, participants gained insights about the following: Most common types of AI categories and use cases; Recommended steps to design and implement taxonomies and ontologies, ensuring they evolve effectively and support the organization’s search objectives; Taxonomy and ontology design considerations and best practices; Real-world AI applications that illustrated the value of taxonomies, ontologies, and knowledge graphs; and Tools, roles, and skills to design and implement AI-powered search solutions.

IAC 2024 - IA Fast Track to Search Focused AI Solutions

Enterprise Knowledge

Enterprise Knowledge’s Urmi Majumder, Principal Data Architecture Consultant, and Fernando Aguilar Islas, Senior Data Science Consultant, presented "Driving Behavioral Change for Information Management through Data-Driven Green Strategy" on March 27, 2024 at Enterprise Data World (EDW) in Orlando, Florida. In this presentation, Urmi and Fernando discussed a case study describing how the information management division in a large supply chain organization drove user behavior change through awareness of the carbon footprint of their duplicated and near-duplicated content, identified via advanced data analytics. Check out their presentation to gain valuable perspectives on utilizing data-driven strategies to influence positive behavioral shifts and support sustainability initiatives within your organization. In this session, participants gained answers to the following questions: - What is a Green Information Management (IM) Strategy, and why should you have one? - How can Artificial Intelligence (AI) and Machine Learning (ML) support your Green IM Strategy through content deduplication? - How can an organization use insights into their data to influence employee behavior for IM? - How can you reap additional benefits from content reduction that go beyond Green IM?

Driving Behavioral Change for Information Management through Data-Driven Gree...

Enterprise Knowledge

GenAI Risks & Security Meetup 01052024.pdf

lior mazor

Tech Trends Report 2024 Future Today Institute.pdf

hans926745

BooK Now Call us at +918448380779 to hire a gorgeous and seductive call girl for sex. Take a Delhi Escort Service. The help of our escort agency is mostly meant for men who want sexual Indian Escorts In Delhi NCR. It should be noted that any impersonator will get 100 attention from our Young Girls Escorts in Delhi. They will assume the position of reliable allies. VIP Call Girl With Original Photos Book Tonight +918448380779 Our Cheap Price 1 Hour not available 2 Hours 5000 Full Night 8000 TAG: Call Girls in Delhi, Noida, Gurgaon, Ghaziabad, Connaught Place, Greater Kailash Delhi, Lajpat Nagar Delhi, Mayur Vihar Delhi, Chanakyapuri Delhi, New Friends Colony Delhi, Majnu Ka Tilla, Karol Bagh, Malviya Nagar, Saket, Khan Market, Noida Sector 18, Noida Sector 76, Noida Sector 51, Gurgaon Mg Road, Iffco Chowk Gurgaon, Rajiv Chowk Gurgaon All Delhi Ncr Free Home Deliver

08448380779 Call Girls In Civil Lines Women Seeking Men

Delhi Call girls

Scaling API-first – The story of a global engineering organization

Radu Cotescu

Presentation on how to chat with PDF using ChatGPT code interpreter

naman860154

Partners Life - Insurer Innovation Award 2024

The Digital Insurer

The Raspberry Pi 5 was announced on October 2023. This new version of the popular embedded device comes with a new iteration of Broadcom’s VideoCore GPU platform, and was released with a fully open source driver stack, developed by Igalia. The presentation will discuss some of the major changes required to support this new Video Core iteration, the challenges we faced in the process and the solutions we provided in order to deliver conformant OpenGL ES and Vulkan drivers. The talk will also cover the next steps for the open source Raspberry Pi 5 graphics stack. (c) Embedded Open Source Summit 2024 April 16-18, 2024 Seattle, Washington (US) https://events.linuxfoundation.org/embedded-open-source-summit/ https://eoss24.sched.com/event/1aBEx

Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...

Igalia

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

Product Anonymous

MySQL Webinar, presented on the 25th of April, 2024. Summary: MySQL solutions enable the deployment of diverse Database Architectures tailored to specific needs, including High Availability, Disaster Recovery, and Read Scale-Out. With MySQL Shell's AdminAPI, administrators can seamlessly set up, manage, and monitor these solutions, ensuring efficiency and ease of use in their administration. MySQL Router, on the other hand, provides transparent routing from the application traffic to the backend servers in the architectures, requiring minimal configuration. Completely built in-house and supported by Oracle, these solutions have been adopted by enterprises of all sizes for their business-critical applications. In this presentation, we'll delve into various database architecture solutions to help you choose the right one based on your business requirements. Focusing on technical details and the latest features to maximize the potential of these solutions.

Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...

Miguel Araújo

How to convert PDF to text with Nanonets

naman860154

Recently uploaded (20)

04-2024-HHUG-Sales-and-Marketing-Alignment.pptx

Data Cloud, More than a CDP by Matt Robison

Boost Fertility New Invention Ups Success Rates.pdf

[2024]Digital Global Overview Report 2024 Meltwater.pdf

Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024

The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf

EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx

CNv6 Instructor Chapter 6 Quality of Service

IAC 2024 - IA Fast Track to Search Focused AI Solutions

Driving Behavioral Change for Information Management through Data-Driven Gree...

GenAI Risks & Security Meetup 01052024.pdf

Tech Trends Report 2024 Future Today Institute.pdf

08448380779 Call Girls In Civil Lines Women Seeking Men

Scaling API-first – The story of a global engineering organization

Presentation on how to chat with PDF using ChatGPT code interpreter

Partners Life - Insurer Innovation Award 2024

Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...

How to convert PDF to text with Nanonets

S3 Bucket Policies

1. S3 Bucket Policies Jiri Pihik Identity Management, Automation

2. Concepts

3. Users Instances Services Metadata Configuration Security Data Data read-only S3 bucket layered permissions Bucket policy

4. Metadata Configuration Security Data Data read-only ~ 46 permissions to define S3 bucket access s3:PutBucketCORS s3:PutBucketVersioning s3:PutBucketWebsite s3:DeleteBucketWebsite s3:GetLifecycleConfiguration s3:PutLifecycleConfiguration s3:PutReplicationConfiguration s3:GetReplicationConfiguration ...

6. Who are you? What IP do you have? Is this right time to access me?

7. Who are you? What IP do you have? Is this right time to access me? Which parts of me you can access? What can you do here? Can you set lifecycle here? Are you able to write content?

8. Bucket access logging my-s3-log-system

9. Example log 0b0fbd7ab5d1058f35535fec64595ed51f7fa26ef77ac8e5d88230898be92e2f my-corp- bucket [21/Jan/2016:12:47:32 +0000] 125.12.36.95 arn:aws:sts::012345678912: assumed-role/my-role/pihik 9E15D396E0071675 REST.PUT.OBJECT report.html "PUT /report.html HTTP/1.1" 200 - - 5134 457 6 "-" "aws-cli/1.9.21 Python/2.7.11 Windows/7 botocore/1.3.21" - aws-cli s3 upload object

10. Use cases ● Prevent unauthorized access to your S3 resources ● Enables you to store application configs, secrets in S3 bucket ● Enables development for 3rd parties ● Ensure only users from corp network can access your S3 resources ● S3 static websites ● Enables fine-grained permissions inside bucket - one folder for public access, another one for internal assets ● Improve your compliance level

11. DEMO!

12. Example bucket policies

13. { "Version": "2012-10-17", "Statement": [ { "Action": [ "s3:PutObject" ], "Effect": "Allow", "Resource": "arn:aws:s3:::my-corp-bucket/reports/*.pdf", "Condition": { "IpAddress": { "aws:SourceIp": "108.72.209.118" } } } ] } 3rd party vendor access

14. { "Version": "2012-10-17", "Statement": [ { "Effect": "Deny", "Principal": "*", "Action": "s3:*", "Resource": "arn:aws:s3:::corp-bucket/tools/*", "Condition": { "NotIpAddress": { "aws:SourceIp": [ "125.10.15.0/16", "125.12.36.95", "10.0.0.0/24" ] } } } ] } restricted access only to corp network

15. How to read that crazy stuff?!

16. How to read that crazy stuff?! Deny all S3 actions on specified resource IF ip address IS NOT 125.x.x.x

17. { "Version": "2012-10-17", "Statement": [ { "Effect": "Deny", "Principal": "*", "Action": "s3:*", "Resource": "arn:aws:s3:::corp-bucket/tools/*", "Condition": { "NotIpAddress": { "aws:SourceIp": [ "125.10.15.0/16", "125.12.36.95", "10.0.0.0/24" ] } } } ] } DENY ALL S3 ACTIONS ON SPECIFIED RESOURCE IF IP ADDRESS IS NOT 125.x.x.x, OR …OR ...

18. "Condition" : { "DateGreaterThan" : { "aws:CurrentTime" : "2016-02-09T12:00:00Z" }, "DateLessThan": { "aws:CurrentTime" : "2016-02-09T15:00:00Z" }, "IpAddress" : { "aws:SourceIp" : ["192.0.2.0/24", "203.0.113.0/24"] } } Limited 3rd party bucket access IP address AND specific time range

19. { "Version": "2012-10-17", "Statement": [ { "Effect": "Deny", "Principal": "*", "Action": "s3:*", "Resource": "arn:aws:s3:::my-corp-bucket/finance/*", "Condition": { "Null": { "aws:MultiFactorAuthAge": true } } }, { "Effect": "Allow", "Principal": "*", "Action": [ "s3:GetObject" ], "Resource": "arn:aws:s3:::my-corp-bucket/public/*" } ] } require MFA for sensitive data access folder /public is accessible via internet

S3 Bucket Policies

Recommended

Recommended

More Related Content

Similar to S3 Bucket Policies

Similar to S3 Bucket Policies (20)

Recently uploaded

Recently uploaded (20)

S3 Bucket Policies