I want to have policy that deny access to all buckets except the one that start with a certain naming convention i.e if they start with "xyz". How can i write a policy to do that? The one below works but it throws various warning :
"You choose actions that require the bucket resource type" or "One or more actions may not support this resource" or "The action in your policy do not support resource level permissions and require you to choose all permissions.
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:GetBucketLocation",
"s3:ListAllMyBuckets",
"s3:CreateBucket"
],
"Resource": "arn:aws:s3:::*"
},
{
"Effect": "Allow",
"Action": [
"s3:PutBucketPublicAccessBlock",
"s3:PutEncryptionConfiguration",
"s3:PutObject",
"s3:PutObjectAcl",
"s3:GetObject",
"s3:GetObjectAcl",
"s3:DeleteObject"
],
"Resource": [
"arn:aws:s3:::xyz*",
"arn:aws:s3:::xyz*/*"
]
}
]
}
Your policy worked perfectly fine for my testing.
I had to fix a few formatting problems in your policy (which I have applied to your question) -- specifically, some curly quotes and an extra comma.
I entered the policy as JSON.