S3 Bucket Policies

Updated 2026-04-20
import CodeBlock from '@/components/mdx/CodeBlock'
import Tip from '@/components/mdx/Tip'
import Terminal from '@/components/mdx/Terminal'
import OutputBlock from '@/components/mdx/OutputBlock'

export const meta = { title: 'S3 Bucket Policies', description: 'Understanding and configuring policies for S3 buckets.', lastUpdated: '2026-05-15', readTime: '10 min read', order: 11 }

# S3 Bucket Policies

## Introduction

Amazon Simple Storage Service (S3) is a highly scalable object storage service that allows you to store and retrieve any amount of data at any time from anywhere on the web. One of the key features of S3 is its ability to control access to your buckets and objects using bucket policies. These policies are written in JSON format and define permissions for actions such as read, write, delete, and more.

In this tutorial, we will explore how to understand and configure bucket policies for Amazon S3. We'll cover the basics of bucket policies, their structure, and provide practical examples to help you get started.

## Concept

A bucket policy is a JSON document that specifies who can access your S3 bucket and what actions they are allowed to perform. It is attached directly to the bucket and can cover the bucket itself and the objects in it, as named in each statement's `Resource`. Permissions are additive across the policies that apply to a request (for example, the bucket policy and IAM identity policies), but the most restrictive rule takes precedence: an explicit `Deny` in any of them overrides any `Allow`.

### Key Components of a Bucket Policy

1. **Version**: Specifies the version of the policy language.
2. **Statement**: An array of statements, each defining a set of permissions.
3. **Effect**: Determines whether the statement allows or denies access (`Allow` or `Deny`).
4. **Principal**: The AWS account, user, or role that the statement applies to; `*` means anyone, including anonymous requests.
5. **Action**: The actions that are allowed or denied (e.g., `s3:GetObject`, `s3:PutObject`).
6. **Resource**: The S3 bucket and objects that the policy applies to.

### Example Bucket Policy

Here is a basic example of an S3 bucket policy that allows public read access to all objects in the bucket:

<CodeBlock language="json">
{`{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": "*",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::my-bucket/*"
    }
  ]
}`}
</CodeBlock>

In this example:
- **Version**: Specifies the policy language version.
- **Statement**: Contains a single statement that allows public read access to all objects in the `my-bucket` bucket.
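
How the statements of a bucket policy combine into one decision (an explicit `Deny` wins, otherwise an `Allow` is required, otherwise the request is denied), as a simplified evaluator. This is an added example, not AWS's implementation or code from this tutorial; it models the bucket policy in isolation, and `demo-bucket`, `jane-roe` and the two documentation-range IP addresses are constructed values. The `Condition` element it handles is the one used in Example 3 below.

```python
import fnmatch
import ipaddress

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _principal_matches(principal, caller_arn):
    if principal == "*":
        return True
    return caller_arn in _as_list(principal.get("AWS", []))

def _condition_matches(condition, source_ip):
    # Only IpAddress / aws:SourceIp is modelled; anything else is rejected
    # loudly rather than silently skipped.
    for operator, keys in condition.items():
        if operator != "IpAddress" or set(keys) != {"aws:SourceIp"}:
            raise ValueError(f"unsupported condition: {operator}")
        addr = ipaddress.ip_address(source_ip)
        cidrs = _as_list(keys["aws:SourceIp"])
        if not any(addr in ipaddress.ip_network(c, strict=False) for c in cidrs):
            return False
    return True

def evaluate(policy, caller_arn, action, resource, source_ip):
    """Return 'Deny', 'Allow' or 'ImplicitDeny' for one request."""
    decision = "ImplicitDeny"               # nothing has matched yet
    for stmt in policy["Statement"]:
        matched = (
            _principal_matches(stmt["Principal"], caller_arn)
            and any(fnmatch.fnmatchcase(action, a) for a in _as_list(stmt["Action"]))
            and any(fnmatch.fnmatchcase(resource, r) for r in _as_list(stmt["Resource"]))
            and _condition_matches(stmt.get("Condition", {}), source_ip)
        )
        if matched and stmt["Effect"] == "Deny":
            return "Deny"                   # explicit Deny always wins
        if matched:
            decision = "Allow"
    return decision

JOHN = "arn:aws:iam::123456789012:user/john-doe"
JANE = "arn:aws:iam::123456789012:user/jane-roe"   # constructed user
OBJ = "arn:aws:s3:::demo-bucket/report.csv"        # constructed bucket/object
POLICY = {"Version": "2012-10-17", "Statement": [   # constructed policy
    {"Effect": "Allow", "Principal": {"AWS": JOHN},
     "Action": ["s3:GetObject", "s3:PutObject"], "Resource": "arn:aws:s3:::demo-bucket/*"},
    {"Effect": "Deny", "Principal": "*", "Action": "*",
     "Resource": "arn:aws:s3:::demo-bucket/*",
     "Condition": {"IpAddress": {"aws:SourceIp": "203.0.113.7"}}},
]}
```

Calling `evaluate(POLICY, JOHN, "s3:GetObject", OBJ, "203.0.113.7")` shows the `Deny` overriding the user's `Allow`, while the same call for `JANE` from another address ends in an implicit deny because no statement allows her.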

## Examples

### Example 1: Allow Public Read Access

Let's create a simple bucket policy to allow public read access to all objects in an S3 bucket named `public-access-bucket`.

<CodeBlock language="json">
{`{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": "*",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::public-access-bucket/*"
    }
  ]
}`}
</CodeBlock>

To apply this policy, save it as `policy.json` and use the AWS CLI:

<Terminal>
{`aws s3api put-bucket-policy --bucket public-access-bucket --policy file://policy.json`}
</Terminal>

### Example 2: Restrict Access to Specific Users

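Suppose you want to restrict access to a specific IAM user. You can create a policy that grants this user permission to read and write objects in the bucket. Because this is an `Allow` statement, it only grants access to the named user; it does not remove access that other principals receive from other policies.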

<CodeBlock language="json">
{`{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::123456789012:user/john-doe"
      },
      "Action": ["s3:GetObject", "s3:PutObject"],
      "Resource": "arn:aws:s3:::restricted-bucket/*"
    }
  ]
}`}
</CodeBlock>

To apply this policy, save it as `policy.json` and use the AWS CLI:

<Terminal>
{`aws s3api put-bucket-policy --bucket restricted-bucket --policy file://policy.json`}
</Terminal>

### Example 3: Deny Access to a Specific IP Address

You can also deny access to specific IP addresses. For example, if you want to block access from the IP address `192.168.1.1`, you can create a policy like this:

<CodeBlock language="json">
{`{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Deny",
      "Principal": "*",
      "Action": "*",
      "Resource": "arn:aws:s3:::blocked-bucket/*",
      "Condition": {
        "IpAddress": {"aws:SourceIp": "192.168.1.1"}
      }
    }
  ]
}`}
</CodeBlock>

To apply this policy, save it as `policy.json` and use the AWS CLI:

<Terminal>
{`aws s3api put-bucket-policy --bucket blocked-bucket --policy file://policy.json`}
</Terminal>
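
A pre-flight check to run on `policy.json` before `put-bucket-policy`, applied here to the three example policies from this page. It is an added example, not part of the original tutorial or an AWS tool; the finding codes and function names are made up for illustration. It flags statements that make objects public, allow wildcard actions, use a private address with `aws:SourceIp`, or deny only object ARNs.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _is_wildcard_principal(principal):
    return principal == "*" or (
        isinstance(principal, dict) and "*" in _as_list(principal.get("AWS", [])))

def _source_ips(stmt):
    # aws:SourceIp values from every condition operator in the statement.
    for keys in stmt.get("Condition", {}).values():
        yield from _as_list(keys.get("aws:SourceIp", []))

def lint(policy):
    """Return (statement_index, finding_code) pairs; codes are hypothetical."""
    findings = []
    for i, stmt in enumerate(policy["Statement"]):
        allow = stmt["Effect"] == "Allow"
        actions = _as_list(stmt["Action"])
        resources = _as_list(stmt["Resource"])
        if allow and _is_wildcard_principal(stmt["Principal"]) and "Condition" not in stmt:
            findings.append((i, "PUBLIC_ALLOW"))      # anyone, unconditionally
        if allow and any(a in ("*", "s3:*") for a in actions):
            findings.append((i, "WILDCARD_ACTION_ALLOWED"))
        for cidr in _source_ips(stmt):
            net = ipaddress.ip_network(cidr, strict=False)
            if net.version == 4 and any(net.subnet_of(r) for r in RFC1918):
                # aws:SourceIp works with public ranges; a private one will not match.
                findings.append((i, "PRIVATE_SOURCE_IP"))
        if not allow and "*" in actions and all("/" in r for r in resources):
            # Object ARNs only: bucket-level actions (s3:ListBucket) are not covered.
            findings.append((i, "DENY_MISSES_BUCKET_ARN"))
    return findings

def _one(effect, principal, action, resource, **extra):
    stmt = {"Effect": effect, "Principal": principal, "Action": action,
            "Resource": resource, **extra}
    return {"Version": "2012-10-17", "Statement": [stmt]}

# The three policies from this page, rebuilt as Python dicts.
EXAMPLE_1 = _one("Allow", "*", "s3:GetObject", "arn:aws:s3:::public-access-bucket/*")
EXAMPLE_2 = _one("Allow", {"AWS": "arn:aws:iam::123456789012:user/john-doe"},
                 ["s3:GetObject", "s3:PutObject"], "arn:aws:s3:::restricted-bucket/*")
EXAMPLE_3 = _one("Deny", "*", "*", "arn:aws:s3:::blocked-bucket/*",
                 Condition={"IpAddress": {"aws:SourceIp": "192.168.1.1"}})
```

For a file on disk, pass `json.load(open("policy.json"))` to `lint()`. A `PUBLIC_ALLOW` finding on Example 1 is expected, since that policy is meant to be public; the point is that the exposure is confirmed deliberately before the policy is applied.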

## What's Next?

Now that you have a good understanding of S3 bucket policies and how to configure them, you might want to explore other storage services offered by AWS. The next topic in our curriculum is "Introduction to Amazon RDS," where we will dive into relational database management on the cloud.

Stay tuned for more tutorials and happy coding!
