Specifying variables in a policy

You can use variables in policies to populate policy information when it is available. You can use policy variables in the Resource element and in string comparisons in the Condition element.

In this example, the variable ${sgws:username} is part of the Resource element:

"Resource": "urn:sgws:s3:::bucket-name/home/${sgws:username}/*"

In this example, the variable ${sgws:username} is part of the condition value in the condition block:

"Condition": {
    "StringLike": {
      "s3:prefix": "${sgws:username}/*"
		...
},
		...
Variable Description
${sgws:SourceIp} Uses the SourceIp key as the provided variable.
${sgws:username} Uses the username key as the provided variable.
${s3:prefix} Uses the service-specific prefix key as the provided variable.
${s3:max-keys} Uses the service-specific max-keys key as the provided variable.
${*} Special character. Uses the character as a literal * character.
${?} Special character. Uses the character as a literal ? character.
${$} Special character. Uses the character as a literal $ character.