AWS::S3::BucketPolicy – Example with a role

This grants access for a bucket to a role. The key is to get the ARN correct.

  VideoBucketPolicy:
    Type: AWS::S3::BucketPolicy
    Properties:
      Bucket: !Ref VideoBucket
      PolicyDocument:
        Statement:
          - Action:
              - "s3:Put*"
            Effect: "Allow"
            Resource:
              Fn::Join:
                - ""
                - - "arn:aws:s3:::"
                  - Ref: VideoBucket
                  - "/*"
            Principal:  
              AWS:
                - !Sub "arn:aws:iam::${AWS::AccountId}:role/${UnauthenticatedUserRole}"

Leave a Reply

Your email address will not be published. Required fields are marked *