In policy statements, you can use the Resource element to specify the bucket or object for which permissions are allowed/denied.
"Resource": "urn:sgws:s3:::mybucket/*"
"Resource": "urn:sgws:s3:::mybucket/home/${sgws:username}/*"
The resource value can specify a bucket that does not yet exist when a group policy is created.