{
"Version": "2012-10-17",
"Id": "MyPolicy",
"Statement": [
{
"Sid": "Stmt1",
"Effect": "Allow",
"Action": "s3:ListBucket",
"Resource": "arn:aws:s3:::examplebucket",
"Principal": {
"AWS": "*"
}
},
{
"Sid": "Stmt2",
"Effect": "Deny",
"Action": [
"ec2:*",
"s3:*",
"rds:*"
],
"NotResource": [
"arn:aws:ec2:*:*:instance/*",
"arn:aws:s3:*:*:bucket/*",
"arn:aws:rds:*:*:db/*"
],
"NotPrincipal": {
"AWS": [
"arn:aws:iam::123456789012:root",
"arn:aws:iam::123456789012:user/*"
],
"CanonicalUser": [
"2cdb0173470eb5b200f82c8e1b51a88562924cda12e2ccce60d7f00e1567ee7c"
],
"Federated": [
"dacut@kanga.org"
],
"Service": [
"ec2.amazonaws.com",
"edgelambda.amazonaws.com",
"lambda.amazonaws.com"
]
},
"Condition": {
"ArnEquals": {
"aws:SourceArn": "arn:aws:s3:::examplebucket"
},
"ArnEqualsIfExists": {
"aws:TargetArn": "arn:aws:s3:::examplebucket"
},
"ArnLike": {
"aws:SourceArn": "arn:aws:s3:::exa*ebucket"
},
"ArnLikeIfExists": {
"aws:TargetArn": "arn:aws:s3:::exa*ebucket"
},
"ArnNotEquals": {
"aws:SourceArn": "arn:aws:s3:::examplebucket"
},
"ArnNotEqualsIfExists": {
"aws:TargetArn": "arn:aws:s3:::examplebucket"
},
"ArnNotLike": {
"aws:SourceArn": "arn:aws:s3:::exa*ebucket"
},
"ArnNotLikeIfExists": {
"aws:TargetArn": "arn:aws:s3:::exa*ebucket"
},
"BinaryEquals": {
"header": "QmluYXJ5VmFsdWVJbkJhc2U2NA=="
},
"BinaryEqualsIfExists": {
"header": "QmluYXJ5VmFsdWVJbkJhc2U2NA=="
},
"Bool": {
"aws:SecureTransport": "true"
},
"BoolIfExists": {
"aws:SecureTransport": "true"
},
"DateEquals": {
"aws:CurrentTime": "2016-12-31T23:59:59Z"
},
"DateEqualsIfExists": {
"aws:CurrentTime": "2016-12-31T23:59:59Z"
},
"DateGreaterThan": {
"aws:CurrentTime": "2012-10-17T00:00:00Z"
},
"DateGreaterThanEquals": {
"aws:CurrentTime": "2012-10-17T00:00:00Z"
},
"DateGreaterThanEqualsIfExists": {
"aws:CurrentTime": "2012-10-17T00:00:00Z"
},
"DateGreaterThanIfExists": {
"aws:CurrentTime": "2012-10-17T00:00:00Z"
},
"DateLessThan": {
"aws:CurrentTime": "2012-10-17T00:00:00Z"
},
"DateLessThanEquals": {
"aws:CurrentTime": "2012-10-17T00:00:00Z"
},
"DateLessThanEqualsIfExists": {
"aws:CurrentTime": "2012-10-17T00:00:00Z"
},
"DateLessThanIfExists": {
"aws:CurrentTime": "2012-10-17T00:00:00Z"
},
"DateNotEquals": {
"aws:CurrentTime": "2012-10-17T00:00:00Z"
},
"DateNotEqualsIfExists": {
"aws:CurrentTime": "2012-10-17T00:00:00Z"
},
"IpAddress": {
"aws:SourceIp": "::/0"
},
"IpAddressIfExists": {
"aws:SourceIp": "::/0"
},
"NotIpAddress": {
"aws:SourceIp": "0.0.0.0/0"
},
"NotIpAddressIfExists": {
"aws:SourceIp": "0.0.0.0/0"
},
"Null": {
"aws:MultiFactorAuthAge": "true"
},
"NumericEquals": {
"aws:MultiFactorAuthAge": "3600"
},
"NumericEqualsIfExists": {
"aws:MultiFactorAuthAge": "3600"
},
"NumericGreaterThan": {
"aws:MultiFactorAuthAge": "3600"
},
"NumericGreaterThanEquals": {
"aws:MultiFactorAuthAge": "3600"
},
"NumericGreaterThanEqualsIfExists": {
"aws:MultiFactorAuthAge": "3600"
},
"NumericGreaterThanIfExists": {
"aws:MultiFactorAuthAge": "3600"
},
"NumericLessThan": {
"aws:MultiFactorAuthAge": "3600"
},
"NumericLessThanEquals": {
"aws:MultiFactorAuthAge": "3600"
},
"NumericLessThanEqualsIfExists": {
"aws:MultiFactorAuthAge": "3600"
},
"NumericLessThanIfExists": {
"aws:MultiFactorAuthAge": "3600"
},
"NumericNotEquals": {
"aws:MultiFactorAuthAge": "3600"
},
"NumericNotEqualsIfExists": {
"aws:MultiFactorAuthAge": "3600"
},
"StringEquals": {
"aws:PrincipalTag/foo": "bar"
},
"StringEqualsIfExists": {
"aws:PrincipalTag/foo": "bar"
},
"StringEqualsIgnoreCase": {
"aws:PrincipalTag/foo": "bar"
},
"StringEqualsIgnoreCaseIfExists": {
"aws:PrincipalTag/foo": "bar"
},
"StringLike": {
"aws:PrincipalTag/foo": "bar*"
},
"StringLikeIfExists": {
"aws:PrincipalTag/foo": "bar*"
},
"StringNotEquals": {
"aws:PrincipalTag/foo": "bar"
},
"StringNotEqualsIfExists": {
"aws:PrincipalTag/foo": "bar"
},
"StringNotEqualsIgnoreCase": {
"aws:PrincipalTag/foo": "bar"
},
"StringNotEqualsIgnoreCaseIfExists": {
"aws:PrincipalTag/foo": "bar"
},
"StringNotLike": {
"aws:PrincipalTag/foo": "bar*"
},
"StringNotLikeIfExists": {
"aws:PrincipalTag/foo": "bar*"
}
}
}
]
}