AWS Policies

[Lab] S3 Bucket Policy Examples - Allow and Deny

When a request is made, the AWS service decides whether a given request should be allowed or denied as follows:

  1. By default, all requests are denied.

  2. An explicit allow (Effect=Allow, with a condition such as IpAddress/NotIpAddress) overrides this default.

  3. An explicit deny (Effect=Deny, with a condition such as IpAddress/NotIpAddress) overrides any allows.
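The three rules above, applied to a single bucket policy, as an added example that is not part of the original lab. The policy, its Sids, the CIDR ranges and the helper names `condition_holds` and `evaluate` are constructed for illustration. Only the IpAddress and NotIpAddress operators on `aws:SourceIp` are modelled, and Principal is assumed to match.

```python
import fnmatch
import ipaddress

# Constructed bucket policy for the lab bucket; the CIDR ranges are
# documentation addresses chosen for this example.
POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "AllowOfficeRange", "Effect": "Allow", "Principal": "*",
         "Action": "s3:*",
         "Resource": "arn:aws:s3:::buddybucketpolicy/*",
         "Condition": {"IpAddress": {"aws:SourceIp": "203.0.113.0/24"}}},
        {"Sid": "DenyDeleteOutsideAdminRange", "Effect": "Deny", "Principal": "*",
         "Action": "s3:DeleteObject",
         "Resource": "arn:aws:s3:::buddybucketpolicy/*",
         "Condition": {"NotIpAddress": {"aws:SourceIp": "203.0.113.0/28"}}},
    ],
}


def condition_holds(condition, source_ip):
    """Evaluate IpAddress / NotIpAddress on aws:SourceIp (hypothetical helper)."""
    ip = ipaddress.ip_address(source_ip)
    for operator, keys in condition.items():
        if operator not in ("IpAddress", "NotIpAddress"):
            # Refuse to guess: an unmodelled operator must not silently pass.
            raise ValueError(f"operator not modelled: {operator}")
        in_range = ip in ipaddress.ip_network(keys["aws:SourceIp"])
        if in_range != (operator == "IpAddress"):
            return False
    return True


def evaluate(policy, action, resource, source_ip):
    """Default deny, explicit allow overrides it, explicit deny overrides allows."""
    decision = "ImplicitDeny"              # rule 1: nothing matched yet
    for stmt in policy["Statement"]:
        if not (fnmatch.fnmatchcase(action, stmt["Action"])
                and fnmatch.fnmatchcase(resource, stmt["Resource"])
                and condition_holds(stmt.get("Condition", {}), source_ip)):
            continue                       # statement does not apply to this request
        if stmt["Effect"] == "Deny":
            return "ExplicitDeny"          # rule 3: wins regardless of statement order
        decision = "Allow"                 # rule 2: remembered unless a deny follows
    return decision
```

A delete from 203.0.113.50 matches both statements and is denied even though the Allow statement comes first, while a request from outside 203.0.113.0/24 matches no Allow and falls back to the default deny.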


Lab Prerequisites

  • Create a bucket (e.g. buddybucketpolicy) leaving all default selections as is.

[Lab] S3 Bucket Policy Examples - Basic Policies and Use of Principal



Bucket policies determine whether a user, group, or role is authorized to perform an operation on an S3 resource. You can specify JSON-based bucket policies for your buckets under the Permissions tab. To make it easier to create policies, AWS also provides a policy generator.


Lab Prerequisites

AWS Policy Document and Policy Generator

A policy is a document (written in the Access Policy Language) that acts as a container for one or more permission statements. A statement is the formal description of a single permission. Within a statement you can specify elements such as Effect (Allow / Deny), Principal, AWS Service, Actions (e.g. CreateBucket), Amazon Resource Name (ARN) and, optionally, conditions (e.g. ArnEquals, NotIpAddress).