Specifying resources in a policy

In policy statements, you can use the Resource element to specify the bucket or object for which permissions are allowed/denied.

  • Each policy statement requires a Resource element. In a policy, resources are denoted by the element Resource, or alternatively, NotResource for exclusion.
  • You specify resources with an S3 resource URN. For example:
    "Resource": "urn:sgws:s3:::mybucket/*"
  • You can also use policy variables inside the object key. For example:
    "Resource": "urn:sgws:s3:::mybucket/home/${sgws:username}/*"
  • The resource value can specify a bucket that does not yet exist when a group policy is created.