CloudFormation-based S3 Bucket Policies with Conditional Statements and Principals

I have a project where I needed to build an S3 bucket policy in a CloudFormation template (CFT), where certain statements should only be in the policy when a user ARN is provided. It’s hard to even Google for this use case, since bucket policies can contain “conditions”, but that’s different from conditionally including or excluding a policy statement.

The linked gists contain one extra feature – if a second user ARN is provided via a parameter, that user is added to one of the policy statements.

I’ve included JSON and YAML versions. The YAML is much easier to read, but my use case required JSON, so I’ve included both: https://gist.github.com/karlkranich/cd27f8bda64aa9e1cdab6cb52eaafcd8
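
A minimal template showing the pattern, added here as an example (it is not the linked gist). The parameter names, condition names, Sids, the granted actions and the always-present TLS deny statement are assumptions chosen for illustration.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Parameters:
  UserArn:          # hypothetical parameter name
    Type: String
    Default: ""
  SecondUserArn:    # hypothetical parameter name
    Type: String
    Default: ""
Conditions:
  HasUser: !Not [!Equals [!Ref UserArn, ""]]
  HasSecondUser: !And
    - !Condition HasUser
    - !Not [!Equals [!Ref SecondUserArn, ""]]
Resources:
  Bucket:
    Type: AWS::S3::Bucket
  BucketPolicy:
    Type: AWS::S3::BucketPolicy
    Properties:
      Bucket: !Ref Bucket
      PolicyDocument:
        Version: "2012-10-17"
        Statement:
          # Always present, so the Statement list is never empty.
          - Sid: DenyInsecureTransport
            Effect: Deny
            Principal: "*"
            Action: "s3:*"
            Resource:
              - !GetAtt Bucket.Arn
              - !Sub "${Bucket.Arn}/*"
            Condition:
              Bool:
                "aws:SecureTransport": "false"
          # Included only when UserArn is supplied; otherwise the item is dropped.
          - !If
            - HasUser
            - Sid: AllowUserObjectAccess
              Effect: Allow
              Principal:
                AWS:
                  - !Ref UserArn
                  # Second principal is appended only when its parameter is set.
                  - !If [HasSecondUser, !Ref SecondUserArn, !Ref "AWS::NoValue"]
              Action:
                - s3:GetObject
                - s3:PutObject
              Resource: !Sub "${Bucket.Arn}/*"
            - !Ref "AWS::NoValue"
```

`Fn::If` with `AWS::NoValue` is resolved by CloudFormation at deploy time and removes the list item entirely, whereas the policy's own `Condition` block is evaluated by S3 on every request. Keeping at least one unconditional statement avoids deploying a policy with an empty `Statement` list when no ARN is passed.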
