Web: https://www.reddit.com/r/aws/comments/rzwobw/s3_bucket_policy_to_allow_organizational_access/

Jan. 9, 2022, 5:30 p.m. | /u/PrinceOfWifi


Recently set up an organization to manage my company's accounts, but having trouble assigning S3 access to accounts under the org.

The policy I have thus far:

```json
{
  "Version": "2008-10-17",
  "Statement": [
    {
      "Effect": "Deny",
      "Principal": "*",
      "Action": [
        "s3:GetObject",
        "s3:PutObject"
      ],
      "Resource": "arn:aws:s3:::mybucket/*",
      "Condition": {
        "ForAnyValue:StringNotLike": {
          "aws:PrincipalOrgPaths": "o-myorgid/*"
        }
      }
    },
    {
      "Effect": "Deny",
      "Principal": "*",
      "Action": "s3:ListBucket",
      "Resource": "arn:aws:s3:::mybucket",
      "Condition": {
        "ForAnyValue:StringNotLike": {
          "aws:PrincipalOrgPaths": "o-myorgid/*"
        }
      }
    }
  ]
}
```

Currently getting 403 errors when trying to make PUTs.

Anybody know of a …
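An added example, not part of the original post: a simplified Python model of how the bucket policy above, taken on its own, is evaluated for a PUT from three kinds of caller. It is not AWS's evaluation engine and ignores identity policies, SCPs and ACLs; `ORG_ALLOW`, the request contexts and the object key are constructed for illustration.

```python
from fnmatch import fnmatchcase  # '*' and '?' wildcards, close enough to StringLike here

ORG = {"aws:PrincipalOrgPaths": "o-myorgid/*"}
# The two Deny statements from the post, reduced to the fields evaluated below.
POSTED = [
    {"Effect": "Deny", "Action": ["s3:GetObject", "s3:PutObject"],
     "Resource": "arn:aws:s3:::mybucket/*",
     "Condition": {"ForAnyValue:StringNotLike": ORG}},
    {"Effect": "Deny", "Action": ["s3:ListBucket"],
     "Resource": "arn:aws:s3:::mybucket",
     "Condition": {"ForAnyValue:StringNotLike": ORG}},
]
# Hypothetical statement (not in the post): an org-scoped Allow for the object actions.
ORG_ALLOW = {"Effect": "Allow", "Action": ["s3:GetObject", "s3:PutObject"],
             "Resource": "arn:aws:s3:::mybucket/*",
             "Condition": {"ForAnyValue:StringLike": ORG}}

def condition_true(cond, ctx):
    """ForAnyValue semantics: an absent context key makes the condition false."""
    for op, pairs in cond.items():
        quantifier, _, test = op.partition(":")
        if quantifier != "ForAnyValue" or test not in ("StringLike", "StringNotLike"):
            raise NotImplementedError(op)
        for key, pattern in pairs.items():
            hits = [fnmatchcase(v, pattern) for v in ctx.get(key, [])]
            if test == "StringNotLike":
                hits = [not h for h in hits]
            if not any(hits):
                return False
    return True

def evaluate(statements, action, resource, ctx):
    """Return 'ExplicitDeny', 'Allow' or 'ImplicitDeny' for one request."""
    decision = "ImplicitDeny"  # nothing is granted unless a statement allows it
    for s in statements:
        if (action in s["Action"] and fnmatchcase(resource, s["Resource"])
                and condition_true(s.get("Condition", {}), ctx)):
            if s["Effect"] == "Deny":
                return "ExplicitDeny"  # an explicit deny always wins
            decision = "Allow"
    return decision

# Constructed request contexts: same org, a different org, and no org at all.
IN_ORG = {"aws:PrincipalOrgPaths": ["o-myorgid/r-ab12/ou-ab12-11111111/"]}
OTHER_ORG = {"aws:PrincipalOrgPaths": ["o-otherorg/r-cd34/"]}
NO_ORG = {}
OBJ = "arn:aws:s3:::mybucket/report.csv"

if __name__ == "__main__":
    for name, ctx in [("in org", IN_ORG), ("other org", OTHER_ORG), ("no org", NO_ORG)]:
        print(name, evaluate(POSTED, "s3:PutObject", OBJ, ctx),
              evaluate(POSTED + [ORG_ALLOW], "s3:PutObject", OBJ, ctx))
```

In this model the posted statements never produce an Allow, so an in-org caller gets an implicit deny from the bucket policy, and a caller with no organization is not matched by the `ForAnyValue:StringNotLike` Deny at all.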
