To set a deny policy on PutObject for only files that already exist in an S3 bucket, you can use a bucket policy with a condition that checks for object existence using the key name. Here's an example policy:
    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Sid": "DenyPutForExistingObjects",
          "Effect": "Deny",
          "Principal": "*",
          "Action": "s3:PutObject",
          "Resource": "arn:aws:s3:::bucket-name/*",
          "Condition": {
            "StringEqualsIfExists": {
              "s3:ExistingObjectTag/Key": "true"
            }
          }
        }
      ]
    }
This policy denies the PutObject action if the object already exists in the bucket by checking the value of the s3:ExistingObjectTag/Key tag. If the tag exists and its value is "true", the PutObject action is denied.
To apply this policy, you can use the AWS Management Console, the AWS CLI, or the SDKs. Make sure to replace "bucket-name" with the name of your S3 bucket.
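An added example, not part of the original answer and not AWS code: a simplified Python model of how the `StringEqualsIfExists` condition in the policy above evaluates against three constructed request contexts. It implements only the documented IAM rule that an `...IfExists` operator evaluates to true when the condition key is absent from the request; the function names and the sample object key are assumptions, and whether S3 supplies this key for a given request is not modeled.

```python
import fnmatch
import json

# The statement from the answer above, with its placeholder bucket name.
POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{
    "Sid": "DenyPutForExistingObjects",
    "Effect": "Deny", "Principal": "*",
    "Action": "s3:PutObject",
    "Resource": "arn:aws:s3:::bucket-name/*",
    "Condition": {"StringEqualsIfExists": {"s3:ExistingObjectTag/Key": "true"}}
  }]
}""")

def _as_list(value):
    return value if isinstance(value, list) else [value]

def condition_matches(condition, context):
    """Simplified model: operators and keys are ANDed, values ORed."""
    for operator, tests in condition.items():
        if_exists = operator.endswith("IfExists")
        base = operator[:-len("IfExists")] if if_exists else operator
        if base != "StringEquals":
            raise ValueError(f"operator not modeled: {operator}")
        for key, wanted in tests.items():
            if key not in context:
                if if_exists:
                    continue      # absent key + IfExists: test counts as true
                return False      # absent key, plain operator: no match
            if context[key] not in _as_list(wanted):
                return False
    return True

def deny_applies(policy, action, resource, context):
    """Sid of the first matching Deny statement, else None (Principal not modeled)."""
    for st in _as_list(policy["Statement"]):
        if (st["Effect"] == "Deny"
                and any(fnmatch.fnmatchcase(action, a) for a in _as_list(st["Action"]))
                and any(fnmatch.fnmatchcase(resource, r) for r in _as_list(st["Resource"]))
                and condition_matches(st.get("Condition", {}), context)):
            return st.get("Sid", "<no Sid>")
    return None

# Constructed request contexts and object key (assumptions, not captured from AWS).
OBJ = "arn:aws:s3:::bucket-name/report.csv"
CASES = {"tag Key=true": {"s3:ExistingObjectTag/Key": "true"},
         "tag Key=false": {"s3:ExistingObjectTag/Key": "false"},
         "key absent": {}}
if __name__ == "__main__":
    for name, ctx in CASES.items():
        print(f"{name}: deny matched by {deny_applies(POLICY, 's3:PutObject', OBJ, ctx)}")
```

In this model the Deny matches both when the key is present with value "true" and when the key is absent from the request context; only a present key with a different value avoids it.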
Asked: 2022-08-31 11:00:00 +0000
Last updated: Dec 21 '21