I want only certain file types to be stored on my Amazon Simple Storage Service (Amazon S3) bucket. How can I limit uploads so that my bucket accepts only those file types?

Add statements to your bucket policy that:

  • Allow the s3:PutObject action only for objects that have the extension of the file type that you want
  • Explicitly deny the s3:PutObject action for objects that don't have the extension of the file type that you want
    Note: You need this explicit deny statement to apply the file-type requirement to users with full access to your Amazon S3 resources.

The following example bucket policy allows the s3:PutObject action only for objects with .jpg, .png, or .gif file extensions.

Important: For the first Principal value, list the Amazon Resource Names (ARNs) of the users that you want to grant upload permissions to. For the Resource and NotResource values, be sure to replace bucket-name with the name of your bucket.

{
  "Version": "2012-10-17",
  "Id": "Policy1464968545158",
  "Statement": [
    {
      "Sid": "Stmt1464968483619",
      "Effect": "Allow",
      "Principal": {
        "AWS": "IAM-USER-ARN"
      },
      "Action": "s3:PutObject",
      "Resource": [
        "arn:aws:s3:::bucket-name/*.jpg",
        "arn:aws:s3:::bucket-name/*.png",
        "arn:aws:s3:::bucket-name/*.gif"
      ]
    },
    {
      "Sid": "DenyUploadOfOtherFileTypes",
      "Effect": "Deny",
      "Principal": "*",
      "Action": "s3:PutObject",
      "NotResource": [
        "arn:aws:s3:::bucket-name/*.jpg",
        "arn:aws:s3:::bucket-name/*.png",
        "arn:aws:s3:::bucket-name/*.gif"
      ]
    }
  ]
}
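
To see which object keys the example policy accepts before attaching it, the following added sketch (not AWS code) evaluates the policy's Resource and NotResource patterns locally. It assumes the caller is the principal named in the Allow statement and that no other policy applies; the sample keys are constructed. Matching is case-sensitive and looks only at the key name, so the policy constrains what an object is called, not what it contains.

```python
import json
import re

# The page's example policy, reduced to the fields this sketch evaluates.
POLICY = json.loads("""
{
  "Statement": [
    {"Effect": "Allow", "Action": "s3:PutObject",
     "Resource": ["arn:aws:s3:::bucket-name/*.jpg",
                  "arn:aws:s3:::bucket-name/*.png",
                  "arn:aws:s3:::bucket-name/*.gif"]},
    {"Effect": "Deny", "Action": "s3:PutObject",
     "NotResource": ["arn:aws:s3:::bucket-name/*.jpg",
                     "arn:aws:s3:::bucket-name/*.png",
                     "arn:aws:s3:::bucket-name/*.gif"]}
  ]
}
""")


def arn_matches(pattern, arn):
    """Case-sensitive policy wildcard match: '*' is any run of characters, '?' is one."""
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, arn, flags=re.DOTALL) is not None


def statement_applies(stmt, arn):
    # Resource: applies when the ARN matches a pattern. NotResource: when it matches none.
    if "Resource" in stmt:
        return any(arn_matches(p, arn) for p in stmt["Resource"])
    return not any(arn_matches(p, arn) for p in stmt["NotResource"])


def put_object_decision(key, bucket="bucket-name"):
    """Return 'Allow', 'ExplicitDeny' or 'ImplicitDeny' for s3:PutObject on key."""
    arn = f"arn:aws:s3:::{bucket}/{key}"
    effects = {s["Effect"] for s in POLICY["Statement"]
               if s["Action"] == "s3:PutObject" and statement_applies(s, arn)}
    if "Deny" in effects:  # an explicit deny always overrides an allow
        return "ExplicitDeny"
    return "Allow" if "Allow" in effects else "ImplicitDeny"


if __name__ == "__main__":
    for key in ["photos/cat.jpg", "logo.PNG", "report.pdf", "archive.jpg.zip", "notes.txt.gif"]:
        print(f"{key:20} {put_object_decision(key)}")
```

If uploads with uppercase extensions such as .PNG should be accepted, add those patterns to both the Resource and NotResource lists.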


Published: 2019-02-25