I have an S3 bucket for which I need a bucket policy that allows access from AWS organisation IDs. I also want to add another condition for the bucket-owner-full-control canned ACL. How can I modify this existing bucket policy to add the bucket-owner-full-control canned ACL? The bucket policy does not allow adding another StringEquals condition block.
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowOrgToPutObjects",
      "Effect": "Allow",
      "Principal": "*",
      "Action": [
        "s3:PutObject",
        "s3:ListBucket"
      ],
      "Resource": [
        "arn:aws:s3:::my-bucket",
        "arn:aws:s3:::my-bucket/*"
      ],
      "Condition": {
        "StringEquals": {
          "aws:PrincipalOrgID": [
            "o-xxxx1",
            "o-xxxx2"
          ]
        }
      }
    }
  ]
}
CodePudding user response:
Since you can only have a single StringEquals key in the policy, simply put all of the conditions under the same key:
{
  "Condition": {
    "StringEquals": {
      "aws:PrincipalOrgID": [
        "o-xxxx1",
        "o-xxxx2"
      ],
      "condition2": "myValue"
    }
  }
}
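An added example, not part of the original question or answer: the policy with both conditions merged under one StringEquals block, using the s3:x-amz-acl condition key for the canned ACL. Splitting s3:PutObject and s3:ListBucket into two statements is an assumption made here, because a ListBucket request carries no s3:x-amz-acl value and would stop matching if the ACL condition covered it; the evaluator is a simplified model of StringEquals (it ignores Resource and Principal), and the function names are hypothetical.

```python
import json

ORG_IDS = ["o-xxxx1", "o-xxxx2"]  # placeholder org IDs from the question

# Assumed final policy: the ACL condition applies to object writes only.
POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AllowOrgToPutObjects",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:PutObject",
            "Resource": "arn:aws:s3:::my-bucket/*",
            "Condition": {"StringEquals": {
                "aws:PrincipalOrgID": ORG_IDS,
                "s3:x-amz-acl": "bucket-owner-full-control",
            }},
        },
        {
            "Sid": "AllowOrgToListBucket",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:ListBucket",
            "Resource": "arn:aws:s3:::my-bucket",
            "Condition": {"StringEquals": {"aws:PrincipalOrgID": ORG_IDS}},
        },
    ],
}

def string_equals(block, context):
    """Simplified StringEquals: keys are ANDed, values of one key are ORed,
    and a key missing from the request context never matches."""
    for key, values in block.items():
        values = [values] if isinstance(values, str) else values
        if context.get(key) not in values:
            return False
    return True

def is_allowed(action, context, policy=POLICY):
    """True if some statement names the action and its conditions hold."""
    return any(
        action == s["Action"]
        and string_equals(s["Condition"]["StringEquals"], context)
        for s in policy["Statement"]
    )

if __name__ == "__main__":
    print(json.dumps(POLICY, indent=2))  # JSON to paste as the bucket policy
```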