Amazon S3: Allows IAM users access to their S3 home directory, programmatically and in the console - Amazon Identity and Access Management
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Amazon S3: Allows IAM users access to their S3 home directory, programmatically and in the console

This example shows how you might create an identity-based policy that allows IAM users to access their own home directory bucket object in S3. The home directory is a bucket that includes a home folder and folders for individual users. This policy defines permissions for programmatic and console access. To use this policy, replace the italicized placeholder text in the example policy with your own information. Then, follow the directions in create a policy or edit a policy.

This policy will not work when using IAM roles because the aws:username variable is not available when using IAM roles. For details about principal key values, see Principal key values.

{ "Version": "2012-10-17", "Statement": [ { "Sid": "S3ConsoleAccess", "Effect": "Allow", "Action": [ "s3:GetAccountPublicAccessBlock", "s3:GetBucketAcl", "s3:GetBucketLocation", "s3:GetBucketPolicyStatus", "s3:GetBucketPublicAccessBlock", "s3:ListAccessPoints", "s3:ListAllMyBuckets" ], "Resource": "*" }, { "Sid": "ListObjectsInBucket", "Effect": "Allow", "Action": "s3:ListBucket", "Resource": "arn:aws-cn:s3:::bucket-name", "Condition": { "StringLike": { "s3:prefix": [ "", "home/", "home/${aws:username}/*" ] } } }, { "Effect": "Allow", "Action": "s3:*", "Resource": [ "arn:aws-cn:s3:::bucket-name/home/${aws:username}", "arn:aws-cn:s3:::bucket-name/home/${aws:username}/*" ] } ] }