Menu
Is there a way to define a S3 bucket policy to enforce standard storage class? I want to prevent users from creating objects with reduced redundancy storage class.
566
You can now use a condition in an S3 bucket policy to constrain the creation of S3 objects (using PutObject) to specific storage classes.
The current version of the AWS documentation has an example - Restrict object uploads to objects with a specific storage class.
Suppose Account A owns a bucket and the account administrator wants to restrict Dave, a user in Account A, to be able to only upload objects to the bucket that will be stored with the
STANDARD_IAstorage class. The Account A administrator can accomplish this by using thes3:x-amz-storage-classcondition key as shown in the following example bucket policy.
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "statement1",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::AccountA-ID:user/Dave"
},
"Action": "s3:PutObject",
"Resource": [
"arn:aws:s3:::examplebucket/*"
],
"Condition": {
"StringEquals": {
"s3:x-amz-storage-class": [
"STANDARD_IA"
]
}
}
}
]
}
Your values for Principal and Resource would be specific to your users and S3 bucket(s). The Condition constraint would need to change to STANDARD.
155
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
