Please check this JSON policy and let me know what is wrong. All files get denied. I need a policy where only certain types of files can be uploaded by the users in the console.
{
"Version": "2012-10-17",
"Id": "Policy1657799010112",
"Statement": [
{
"Sid": "Stmt1657798687256",
"Effect": "Allow",
"Principal": "*",
"Action": "s3:PutObject",
"Resource": "arn:aws:s3:::testbucketforuploadlimitation/Retailer1/Latest/*.gz"
},
{
"Sid": "Stmt1657798734526",
"Effect": "Allow",
"Principal": "*",
"Action": "s3:PutObject",
"Resource": "arn:aws:s3:::testbucketforuploadlimitation/Retailer2/Latest/Dollar/*.xlsx"
},
{
"Sid": "Stmt1657798779527",
"Effect": "Allow",
"Principal": "*",
"Action": "s3:PutObject",
"Resource": "arn:aws:s3:::testbucketforuploadlimitation/Retailer2/Latest/Unit/*.xlsx"
},
{
"Sid": "Stmt1657798829858",
"Effect": "Allow",
"Principal": "*",
"Action": "s3:PutObject",
"Resource": "arn:aws:s3:::testbucketforuploadlimitation/Retailer3/Latest/*.xlsx"
},
{
"Sid": "Stmt1657798856041",
"Effect": "Allow",
"Principal": "*",
"Action": "s3:PutObject",
"Resource": "arn:aws:s3:::testbucketforuploadlimitation/Retailer4/Latest/*.gz"
},
{
"Sid": "Stmt1657798882635",
"Effect": "Allow",
"Principal": "*",
"Action": "s3:PutObject",
"Resource": "arn:aws:s3:::testbucketforuploadlimitation/Retailer5/Latest/*.gz"
},
{
"Sid": "Stmt1657798905766",
"Effect": "Allow",
"Principal": "*",
"Action": "s3:PutObject",
"Resource": "arn:aws:s3:::testbucketforuploadlimitation/Retailer6/Latest/TY/*.xlsx"
},
{
"Sid": "Stmt1657798926711",
"Effect": "Allow",
"Principal": "*",
"Action": "s3:PutObject",
"Resource": "arn:aws:s3:::testbucketforuploadlimitation/Retailer6/Latest/YA/*.xlsx"
},
{
"Sid": "Stmtdeny1657798687256",
"Effect": "Deny",
"Principal": "*",
"Action": "s3:PutObject",
"NotResource": "arn:aws:s3:::testbucketforuploadlimitation/Retailer1/Latest/*.gz"
},
{
"Sid": "Stmtdeny1657798734526",
"Effect": "Deny",
"Principal": "*",
"Action": "s3:PutObject",
"NotResource": "arn:aws:s3:::testbucketforuploadlimitation/Retailer2/Latest/Dollar/*.xlsx"
},
{
"Sid": "Stmtdeny1657798779527",
"Effect": "Deny",
"Principal": "*",
"Action": "s3:PutObject",
"NotResource": "arn:aws:s3:::testbucketforuploadlimitation/Retailer2/Latest/Unit/*.xlsx"
},
{
"Sid": "Stmtdeny1657798829858",
"Effect": "Deny",
"Principal": "*",
"Action": "s3:PutObject",
"NotResource": "arn:aws:s3:::testbucketforuploadlimitation/Retailer3/Latest/*.xlsx"
},
{
"Sid": "Stmtdeny1657798856041",
"Effect": "Deny",
"Principal": "*",
"Action": "s3:PutObject",
"NotResource": "arn:aws:s3:::testbucketforuploadlimitation/Retailer4/Latest/*.gz"
},
{
"Sid": "Stmtdeny1657798882635",
"Effect": "Deny",
"Principal": "*",
"Action": "s3:PutObject",
"NotResource": "arn:aws:s3:::testbucketforuploadlimitation/Retailer5/Latest/*.gz"
},
{
"Sid": "Stmtdeny1657798905766",
"Effect": "Deny",
"Principal": "*",
"Action": "s3:PutObject",
"NotResource": "arn:aws:s3:::testbucketforuploadlimitation/Retailer6/Latest/TY/*.xlsx"
},
{
"Sid": "Stmtdeny1657798926711",
"Effect": "Deny",
"Principal": "*",
"Action": "s3:PutObject",
"NotResource": "arn:aws:s3:::testbucketforuploadlimitation/Retailer6/Latest/YA/*.xlsx"
}
]
}
I also need suggestions on limiting uploads based on file name. For example, a pattern such as Sales_*.gz should allow every file whose name starts with Sales_ and ends in .gz, such as Sales_14072022.gz.
Thanks
CodePudding user response:
I have solved this on my own.
{
"Version": "2012-10-17",
"Id": "Policy1657799010112",
"Statement": [{
"Sid": "Stmt1657798687256",
"Effect": "Allow",
"Principal": "*",
"Action": "s3:PutObject",
"Resource": [
"arn:aws:s3:::testbucketforuploadlimitation/Retailer 1/Latest/Start*.gz",
"arn:aws:s3:::testbucketforuploadlimitation/Retailer 2/Latest/Dollar/TrendedDetails-Dollar*.xlsx",
"arn:aws:s3:::testbucketforuploadlimitation/Retailer 2/Latest/Unit/TrendedDetails-Unit*.xlsx",
"arn:aws:s3:::testbucketforuploadlimitation/Retailer 3/Latest/0*.xlsx",
"arn:aws:s3:::testbucketforuploadlimitation/Retailer 3/Latest/1*.xlsx",
"arn:aws:s3:::testbucketforuploadlimitation/Retailer 4/Latest/Start*.gz",
"arn:aws:s3:::testbucketforuploadlimitation/Retailer 5/Latest/Start*.gz",
"arn:aws:s3:::testbucketforuploadlimitation/Retailer 6/Latest/TY/Start*.xlsx",
"arn:aws:s3:::testbucketforuploadlimitation/Retailer 6/Latest/YA/Start*.xlsx"
]
},
{
"Sid": "Stmt1657798687256",
"Effect": "Deny",
"Principal": "*",
"Action": "s3:PutObject",
"NotResource": [
"arn:aws:s3:::testbucketforuploadlimitation/Retailer 1/Latest/Start*.gz",
"arn:aws:s3:::testbucketforuploadlimitation/Retailer 2/Latest/Dollar/TrendedDetails-Dollar*.xlsx",
"arn:aws:s3:::testbucketforuploadlimitation/Retailer 2/Latest/Unit/TrendedDetails-Unit*.xlsx",
"arn:aws:s3:::testbucketforuploadlimitation/Retailer 3/Latest/0*.xlsx",
"arn:aws:s3:::testbucketforuploadlimitation/Retailer 3/Latest/1*.xlsx",
"arn:aws:s3:::testbucketforuploadlimitation/Retailer 4/Latest/Start*.gz",
"arn:aws:s3:::testbucketforuploadlimitation/Retailer 5/Latest/Start*.gz",
"arn:aws:s3:::testbucketforuploadlimitation/Retailer 6/Latest/TY/Start*.xlsx",
"arn:aws:s3:::testbucketforuploadlimitation/Retailer 6/Latest/YA/Start*.xlsx"
]
}]
}
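I used this, and now only files whose names match the patterns I specified can be added to each folder.
The original policy denied everything because it had one Deny statement per pattern. A Deny with NotResource blocks every key except the ones matching its own pattern, so a key that matched one pattern was still blocked by the other seven Deny statements, and an explicit Deny always overrides an Allow. Listing all the patterns in a single NotResource array means the Deny applies only to keys that match none of them.
Two things to keep in mind when reusing this. "Principal": "*" on the Allow statement makes these paths writable by anyone, including unauthenticated requests, unless S3 Block Public Access prevents it; if only known users should upload, list their IAM principals instead. The patterns also match only the object key, so they restrict file names and not what the files actually contain. Both statements above reuse the same Sid; Sid values are expected to be unique within a policy, so give the Deny statement its own.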