Preventing users from running mkdir in an S3 bucket - Amazon Transfer Family
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Preventing users from running mkdir in an S3 bucket

You can limit users' ability to create a directory in an Amazon S3 bucket. To do so, you create an IAM policy that allows the s3:PutObject action but also denies it when the key ends with a "/" (forward slash). The following example policy allows users to upload files to an Amazon S3 bucket but denies the mkdir command in the Amazon S3 bucket.

{
   "Sid":"DenyMkdir",
   "Action":[
      "s3:PutObject"
   ],
   "Effect":"Deny",
   "Resource":[
      "arn:aws-cn:s3:::DOC-EXAMPLE-BUCKET/*/",
      "arn:aws-cn:s3:::DOC-EXAMPLE-BUCKET/*/*"
    ]
}
Note

The second resource line makes it impossible for users to create sub-folders by running a command such as put my-file DOC-EXAMPLE-BUCKET/new-folder/my-file.