Something like this should work to allow User1 to only access User1's folder:
{
"Version":"2012-10-17",
"Statement": [
{
"Sid": "AllowUserToSeeBucketListInTheConsole",
"Action": ["s3:ListAllMyBuckets", "s3:GetBucketLocation"],
"Effect": "Allow",
"Resource": ["arn:aws:s3:::*"]
},
{
"Sid": "AllowRootAndHomeListingOfCompanyBucket",
"Action": ["s3:ListBucket"],
"Effect": "Allow",
"Resource": ["arn:aws:s3:::my-company"],
"Condition":{"StringEquals":{"s3:prefix":["","/"],"s3:delimiter":["/"]}}
},
{
"Sid": "AllowListingOfUserFolder",
"Action": ["s3:ListBucket"],
"Effect": "Allow",
"Resource": ["arn:aws:s3:::my-company"],
"Condition":{"StringLike":{"s3:prefix":["user1/*"]}}
},
{
"Sid": "AllowAllS3ActionsInUserFolder",
"Effect": "Allow",
"Action": ["s3:*"],
"Resource": ["arn:aws:s3:::user1/*"]
}
]
}
I have taken the above piece of code from this article - Writing IAM Policies: Grant Access to User-Specific Folders in an Amazon S3 Bucket
Apply that as User1's policy, and then only User1 should be able to access the user1/ folder.If you substitute User2 for User1 in User2's policy, User2 should only be able to access the user2/folder.
I hope this was helpful.