Refer to the following policy to prevent the user from downloading or listing objects for specific folders only. I created a policy that allows me to list only the objects in folder1 and folder2, and also allows me to put objects in folder1 and prevents downloading to other folders of the bucket. The policy operates as follows:

1. Insert all folders with a bucket
2. List objects and folders of allowed folders
3. Upload files only to allowed folders
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowUserToSeeBucketListInTheConsole",
      "Action": ["s3:ListAllMyBuckets", "s3:GetBucketLocation"],
      "Effect": "Allow",
      "Resource": ["arn:aws:s3:::*"]
    },
    {
      "Sid": "AllowListingOfFolder1And2",
      "Action": ["s3:*"],
      "Effect": "Deny",
      "Resource": ["arn:aws:s3:::bucketname"],
      "Condition": {
        "StringNotLike": {"s3:prefix": ["folder1/*", "folder2/*"]},
        "StringLike": {"s3:prefix": "*"}
      }
    },
    {
      "Sid": "AllowFetching",
      "Effect": "Deny",
      "Action": "s3:PutObject",
      "NotResource": "arn:aws:s3:::bucketname/folder1/*"
    }
  ]
}
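An added example, not part of the original answer: a simplified Python model of IAM evaluation (explicit Deny wins, then Allow, otherwise implicit deny) applied to the policy above, assuming the wildcards lost from the posted JSON are `*`. It handles only the `StringLike` and `StringNotLike` operators this policy uses, and `evaluate` and the other helper names are hypothetical.

```python
import re

# The policy from the answer, with wildcards written out (assumed to be "*").
POLICY = [
    {"Effect": "Allow", "Action": ["s3:ListAllMyBuckets", "s3:GetBucketLocation"],
     "Resource": ["arn:aws:s3:::*"]},
    {"Effect": "Deny", "Action": ["s3:*"], "Resource": ["arn:aws:s3:::bucketname"],
     "Condition": {"StringNotLike": {"s3:prefix": ["folder1/*", "folder2/*"]},
                   "StringLike": {"s3:prefix": ["*"]}}},
    {"Effect": "Deny", "Action": ["s3:PutObject"],
     "NotResource": ["arn:aws:s3:::bucketname/folder1/*"]},
]

def like(pattern, value, ignore_case=False):
    """IAM-style wildcard match: * is any run of characters, ? is one character."""
    rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    return re.fullmatch(rx, value, re.S | (re.I if ignore_case else 0)) is not None

def condition_holds(cond, ctx):
    # Operators are ANDed. A missing key fails StringLike and satisfies StringNotLike.
    for op, keys in cond.items():
        for key, patterns in keys.items():
            hit = key in ctx and any(like(p, ctx[key]) for p in patterns)
            if hit != (op == "StringLike"):
                return False
    return True

def statement_applies(st, action, resource, ctx):
    # Action names are matched case-insensitively, resource ARNs case-sensitively.
    if not any(like(a, action, ignore_case=True) for a in st["Action"]):
        return False
    if "Resource" in st:
        scoped = any(like(r, resource) for r in st["Resource"])
    else:
        scoped = not any(like(r, resource) for r in st["NotResource"])
    return scoped and condition_holds(st.get("Condition", {}), ctx)

def evaluate(action, resource, ctx=None, policy=POLICY):
    """Return 'ExplicitDeny', 'Allow' or 'ImplicitDeny' for one request."""
    effects = {st["Effect"] for st in policy
               if statement_applies(st, action, resource, ctx or {})}
    if "Deny" in effects:
        return "ExplicitDeny"
    return "Allow" if "Allow" in effects else "ImplicitDeny"
```

Requests inside folder1 come back as `ImplicitDeny` rather than `Allow`: the policy only removes access, so it has to be attached alongside a policy that allows `s3:ListBucket` and `s3:PutObject` on the bucket. `s3:GetObject` on other folders is likewise not explicitly denied here, so a broader Allow elsewhere would still permit it.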