Skip to main content

PolicyStatement

A permission statement within a policy document.

Sidstring

Optional identifier for the statement

Effectstringrequired

Whether this statement allows or denies the specified actions

Possible values: [Allow, Deny]

Actionstring[]required

S3 actions to allow or deny. Common actions: s3:GetObject, s3:PutObject, s3:DeleteObject, s3:ListBucket, s3:*. See supported actions.

Resourcestring[]required

S3 resource ARNs. Use arn:aws:s3:::bucket for bucket-level and arn:aws:s3:::bucket/prefix/* for prefix-scoped access.

Conditionobject

Optional conditions (IP, time-based). See condition examples.

PolicyStatement
{
  "Sid": "string",
  "Effect": "Allow",
  "Action": [
    "string"
  ],
  "Resource": [
    "string"
  ],
  "Condition": {}
}