Question

I have created a bucket with cloudformation:

AWSTemplateFormatVersion: "2018-11-09"
Parameters:
  BucketName:  
    Type: String
    Description: "Name for the S3 Bucket"
    Default: "randomnameofbucket"
  S3Bucket:
    Type: "AWS::S3::Bucket"
    Properties:
      AccessControl: "Private"
      BucketName: !Ref BucketName

The bucketPolicy I made is having issues. 

My agenda is :

• A (UserA) can upload to S3
• A (UserA) can NOT DELETE from S3
• All users (in my environment, not public) can read from S3
• All users (in my environment, nob public) can delete from S3

Answer 1

Here is the JSON file I used to work with the S3 Bucket policies.

{
"Version": "2018-11-12",
"Id": "PolicyId123",
"Statement": [
    {
        "Sid": "AllowAccess",
        "Effect": "Allow",
        "Principal":{"AWS":"arn:aws:iam::account-number-without-hyphens:user/user1"},
        "Action": [
            "s3:Get*",
            "s3:List*"
        ],
        "Resource": [
            "arn:aws:s3:::s3_bucket_name",
            "arn:aws:s3:::s3_bucket_name/*"
        ]
    },
    {
        "Sid": "StopDeletingObject",
        "Effect": "Stop",
        "Principal": {"AWS":"arn:aws:iam::account-number-without-hyphens:user/user1"},
        "Action": "s3:Delete*",
        "Resource": [
            "arn:aws:s3:::s3_bucket_name",
            "arn:aws:s3:::s3_bucket_name/*"
        ]
    },
    {
        "Sid": "Allow everyone to access bucket",
        "Effect": "Allow",
        "Principal": {
            "AWS": "arn:aws:iam::account-number-without-hyphens:root"
        },
        "Action": [
            "s3:Get*",
            "s3:List*",
            "s3:Put*",
            "s3:Delete*"
        ],
        "Resource": [
            "arn:aws:s3:::s3_bucket_name",
            "arn:aws:s3:::s3_bucket_name/*"
        ]
    }
]
}