You can either use Object policy or AWS Identity and Access Management (IAM) Policies: You can create an IAM policy that restricts the file types for uploading. Configure the policy to the IAM user or group that need restricted access. i.e this allows only PDF files
{ "Version": "2012-10-17", "Statement": [ { "Sid": "AllowSpecificFileTypes", "Effect": "Deny", "Action": [ "s3:PutObject", "s3:PutObjectAcl" ], "Resource": "arn:aws:s3:::your-bucket-name/*", "Condition": { "StringNotEquals": { "s3:x-amz-meta-file-type": [ "application/pdf" ] } } } ] }
Try out this and let me us know
What if an object name is not <name>.extension
but just name
e.g. example
? Is this policy just useless then? If yes, how to make this policy "stronger"?
Thank you for your comment. We'll review and update the Knowledge Center article as needed.
Relevant content
- asked 3 months ago
- Accepted Answerasked 9 months ago
- asked 5 months ago
- AWS OFFICIALUpdated 7 months ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated 2 months ago