How to restrict a S3 bucket to certain group of users. Edit the bucket policy and add the following.
{
"Version": "2012-10-17",
"Id": "bucketPolicy",
"Statement": [
{
"Effect": "Deny",
"NotPrincipal": {
"AWS": "arn:aws:iam::xxxxxxxxxx:user/username",
"AWS": "arn:aws:iam::xxxxxxxxxx:root",
},
"Action": "s3:*",
"Resource": [
"arn:aws:s3:::bucketname",
"arn:aws:s3:::bucketname/*"
]
}
]
}
Replace xxxxxxxxxx with your AWS account number.
Replace bucketname with your S3 bucket.
Replace username with your IAM user.
Root is your AWS root account.
Accounts must be valid.