I have an AWS IAM policy in Terraform that is written like such:
    {
      "Effect": "Allow",
      "Action": [
        "s3:ListBucket"
      ],
      "Resource": "arn:aws:s3:::bucket-name",
      "Condition": {
        "StringLike": {
          "s3:prefix": "${local.account_id}/*"
        }
      }
    }
However, I'm trying to understand why s3:prefix is used at all. Can't this be done with:
    {
      "Effect": "Allow",
      "Action": [
        "s3:ListBucket"
      ],
      "Resource": "arn:aws:s3:::bucket-name/${local.account_id}/*"
    }
Question from: https://stackoverflow.com/questions/66054830/aws-iam-s3prefix
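An added example, not part of the original question: a simplified Python model of how the two statements are matched against a list request. `s3:ListBucket` is a bucket-level action, so the request's resource is the bucket ARN and the prefix arrives in the `s3:prefix` condition key. The account id `111122223333` and the helper names are constructed for illustration, and the matcher is a reduced model, not AWS's evaluator.

```python
import re

ACCOUNT_ID = "111122223333"  # constructed stand-in for ${local.account_id}
BUCKET_ARN = "arn:aws:s3:::bucket-name"

def iam_like(pattern, value):
    """IAM-style wildcard match: '*' is any run of characters, '?' is one."""
    rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                 for c in pattern)
    return re.fullmatch(rx, value, re.DOTALL) is not None

def statement_allows(stmt, action, resource, context):
    """Simplified model of one Allow statement: exact Action names, one
    Resource pattern, optional StringLike conditions. Not AWS's evaluator."""
    if stmt["Effect"] != "Allow" or action not in stmt["Action"]:
        return False
    if not iam_like(stmt["Resource"], resource):
        return False
    conditions = stmt.get("Condition", {}).get("StringLike", {})
    # A StringLike key that is absent from the request does not match.
    return all(key in context and iam_like(pattern, context[key])
               for key, pattern in conditions.items())

# The two statements from the question, with the account id filled in.
WITH_PREFIX_CONDITION = {
    "Effect": "Allow",
    "Action": ["s3:ListBucket"],
    "Resource": BUCKET_ARN,
    "Condition": {"StringLike": {"s3:prefix": f"{ACCOUNT_ID}/*"}},
}
WITH_OBJECT_RESOURCE = {
    "Effect": "Allow",
    "Action": ["s3:ListBucket"],
    "Resource": f"{BUCKET_ARN}/{ACCOUNT_ID}/*",
}

def allows_listing(stmt, prefix=None):
    """Model a list call: the resource is always the bucket ARN, and the
    requested prefix (if any) is carried in the s3:prefix context key."""
    context = {} if prefix is None else {"s3:prefix": prefix}
    return statement_allows(stmt, "s3:ListBucket", BUCKET_ARN, context)

if __name__ == "__main__":
    for name, stmt in [("condition", WITH_PREFIX_CONDITION),
                       ("object ARN", WITH_OBJECT_RESOURCE)]:
        for prefix in (f"{ACCOUNT_ID}/reports/", "999999999999/", None):
            print(f"{name:10} prefix={prefix!r:26} -> {allows_listing(stmt, prefix)}")
```

In this model the object-ARN statement never matches a list request, because the resource being authorized is the bucket itself; only the `s3:prefix` condition distinguishes one prefix from another.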