Restrict Bucket To Users

How to restrict a S3 bucket to certain group of users. Edit the bucket policy and add the following.

    "Version": "2012-10-17",
    "Id": "bucketPolicy",
    "Statement": [
            "Effect": "Deny",
            "NotPrincipal": {
                "AWS": "arn:aws:iam::xxxxxxxxxx:user/username",
                "AWS": "arn:aws:iam::xxxxxxxxxx:root",
            "Action": "s3:*",
            "Resource": [

Replace xxxxxxxxxx with your AWS account number.
Replace bucketname with your S3 bucket.
Replace username with your IAM user.
Root is your AWS root account.
Accounts must be valid.