{
"Version": "2012-10-17",
"Id": "MyPolicy",
"Statement": [
{
"Sid": "Stmt1",
"Effect": "Allow",
"Action": "s3:ListBucket",
"Resource": "arn:aws:s3:::examplebucket",
"Principal": {
"AWS": "*"
}
},
{
"Sid": "Stmt2",
"Effect": "Deny",
"NotAction": [
"ec2:*",
"s3:*",
"rds:*"
],
"Resource": [
"arn:aws:ec2:*:*:instance/*",
"arn:aws:s3:*:*:bucket/*",
"arn:aws:rds:*:*:db/*"
],
"Principal": {
"AWS": [
"arn:aws:iam::123456789012:root",
"arn:aws:iam::123456789012:user/*"
],
"CanonicalUser": [
"d04207a7d9311e77f5837e0e4f4b025322bf2f626f0872c85be8c6bb1290c88b",
"2cdb0173470eb5b200f82c8e1b51a88562924cda12e2ccce60d7f00e1567ee7c"
],
"Federated": [
"dacut@kanga.org"
],
"Service": [
"ec2.amazonaws.com",
"edgelambda.amazonaws.com",
"lambda.amazonaws.com"
]
},
"Condition": {
"DateGreaterThan": {
"aws:CurrentTime": "2012-10-17T00:00:00Z"
},
"StringEqualsIfExists": {
"aws:userid": [
"dacut",
"dacut2"
]
}
}
}
]
}