How do I apply a Statement in my bucket policy to all users in my account?

Setting the principal to “*” with “Effect”: “Allow” would make it public and I don’t want that.

“arn:aws:iam::my account id:user/*” is showing as invalid.

Currently I’m just listing all the users in the principal, but that’s not exactly very maintainable.

I can allow in the IAM policy attached to the users and then deny in the bucket policy using NotPrincipal, but I can see that getting a bit complex and it seems much more secure to white list than black list?

Author: doug