Here are 2 policy examples I use; first one append-only, second one global read-write. Those are used for minio server, but at least action names and resources should be compatible with s3:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:GetObject",
"s3:PutObject"
],
"Resource": "arn:aws:s3:::mybucket/*"
},
{
"Effect": "Allow",
"Action": "s3:DeleteObject",
"Resource": "arn:aws:s3:::mybucket/locks/*"
},
{
"Effect": "Allow",
"Action": [
"s3:CreateBucket",
"s3:GetBucketLocation",
"s3:ListBucket"
],
"Resource": "arn:aws:s3:::mybucket"
}
]
}
{
"ID": "Policy1565782210131",
"Version": "2012-10-17",
"Statement": [
{
"Sid": "Stmt1565782085056",
"Effect": "Allow",
"Action": [
"s3:GetObject",
"s3:PutObject",
"s3:DeleteObject",
"s3:GetBucketLocation",
"s3:ListBucket"
],
"Resource": [
"arn:aws:s3:::*/*"
]
}
]
}