45 lines
925 B
JSON
45 lines
925 B
JSON
|
{
|
||
|
"Version": "2012-10-17",
|
||
|
"Statement": [
|
||
|
{
|
||
|
"Sid": "DenyAllAwsReourcesOutsideAccountExceptAmazonS3",
|
||
|
"Effect": "Deny",
|
||
|
"NotAction": [
|
||
|
"s3:GetObject",
|
||
|
"s3:PutObject",
|
||
|
"s3:PutObjectAcl"
|
||
|
],
|
||
|
"Resource": "*",
|
||
|
"Condition": {
|
||
|
"StringNotEquals": {
|
||
|
"aws:ResourceAccount": [
|
||
|
"111122223333"
|
||
|
]
|
||
|
}
|
||
|
}
|
||
|
},
|
||
|
{
|
||
|
"Sid": "DenyAllS3ResourcesOutsideAccountExceptDataExchange",
|
||
|
"Effect": "Deny",
|
||
|
"Action": [
|
||
|
"s3:GetObject",
|
||
|
"s3:PutObject",
|
||
|
"s3:PutObjectAcl"
|
||
|
],
|
||
|
"Resource": "*",
|
||
|
"Condition": {
|
||
|
"StringNotEquals": {
|
||
|
"aws:ResourceAccount": [
|
||
|
"111122223333"
|
||
|
]
|
||
|
},
|
||
|
"ForAllValues:StringNotEquals": {
|
||
|
"aws:CalledVia": [
|
||
|
"dataexchange.amazonaws.com"
|
||
|
]
|
||
|
}
|
||
|
}
|
||
|
}
|
||
|
]
|
||
|
}
|