
How can Deny be set on PutObject for only files that already exist in an s3 bucket?

asked 2022-08-31 11:00:00 +0000

huitzilopochtli


1 Answer


answered 2021-12-21 03:00:00 +0000

plato

To set a deny policy on PutObject for only files that already exist in an S3 bucket, you can use a bucket policy with a condition that checks for object existence using the key name. Here's an example policy:

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "DenyPutForExistingObjects",
                "Effect": "Deny",
                "Principal": "*",
                "Action": "s3:PutObject",
                "Resource": "arn:aws:s3:::bucket-name/*",
                "Condition": {
                    "StringEqualsIfExists": {
                        "s3:ExistingObjectTag/Key": "true"
                    }
                }
            }
        ]
    }

This policy denies the PutObject action if the object already exists in the bucket by checking the value of the s3:ExistingObjectTag/Key tag. If the tag exists and its value is "true", the PutObject action is denied.

To apply this policy, you can use the AWS Management Console, the AWS CLI, or the SDKs. Make sure to replace "bucket-name" with the name of your S3 bucket.

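An added example, not part of the answer above and not AWS code: a simplified local model of the documented IAM `...IfExists` rule, run over constructed request contexts against the posted statement, to show that the statement also matches when the condition key is absent from the request. The function names, the object key `report.csv` and the sample contexts are assumptions made for illustration; whether S3 supplies `s3:ExistingObjectTag/Key` on a `PutObject` request is not established by this page.

```python
import json

# Statement from the answer above (JSON structure completed).
POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{
    "Sid": "DenyPutForExistingObjects", "Effect": "Deny", "Principal": "*",
    "Action": "s3:PutObject", "Resource": "arn:aws:s3:::bucket-name/*",
    "Condition": {"StringEqualsIfExists": {"s3:ExistingObjectTag/Key": "true"}}
  }]
}""")

def condition_matches(condition, context):
    """Simplified model covering StringEquals and StringEqualsIfExists only."""
    for operator, pairs in condition.items():
        if_exists = operator.endswith("IfExists")
        base = operator[:-8] if if_exists else operator  # strip "IfExists"
        if base != "StringEquals":
            raise ValueError(f"operator not modelled: {operator}")
        for key, expected in pairs.items():
            allowed = expected if isinstance(expected, list) else [expected]
            if key not in context:
                if if_exists:
                    continue      # IfExists: an absent key counts as a match
                return False      # plain operator: an absent key never matches
            if context[key] not in allowed:
                return False
    return True

def deny_applies(policy, action, resource, context):
    """True when a Deny statement matches (exact action, trailing-* resource)."""
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Deny" or stmt["Action"] != action:
            continue
        prefix = stmt["Resource"].rstrip("*")
        if resource.startswith(prefix) and condition_matches(stmt.get("Condition", {}), context):
            return True
    return False

# Constructed request contexts for illustration; not captured from AWS.
ARN = "arn:aws:s3:::bucket-name/report.csv"
CASES = {
    "tag Key=true": {"s3:ExistingObjectTag/Key": "true"},
    "tag Key=false": {"s3:ExistingObjectTag/Key": "false"},
    "key absent": {},
}

def run_cases(policy=POLICY):
    return {n: deny_applies(policy, "s3:PutObject", ARN, c) for n, c in CASES.items()}
```

Calling `run_cases()` returns one boolean per constructed context; testing the real behaviour means applying the policy to a scratch bucket and attempting uploads to both new and existing keys.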

Asked: 2022-08-31 11:00:00 +0000

Seen: 19 times

Last updated: Dec 21 '21