Setting the Principal to “*” with “Effect”: “Allow” would make it public and I don’t want that.
“arn:aws:iam::my account id:user/*” is showing as invalid.
Currently I’m just listing all the users in the Principal, but that’s not exactly very maintainable.
I can allow in the IAM policy attached to the users and then deny in the bucket policy using NotPrincipal, but I can see that getting a bit complex, and it seems much more secure to whitelist than blacklist?
Author: doug
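
The two outcomes described in the question, expressed as a small policy linter (an added example, not part of the original post): an `Allow` with Principal `*` is flagged as public, and a wildcard inside a principal ARN is flagged as invalid, since IAM does not match wildcards within a principal ARN. The account ID `111122223333`, the user names and the function names are constructed for illustration.

```python
import re

# Accepted forms for an AWS principal: bare 12-digit account ID or a full IAM ARN.
ARN_RE = re.compile(r"^(\d{12}|arn:aws:iam::\d{12}:(root|user/.+|role/.+))$")

def aws_principals(principal):
    """Return the AWS principals of a Principal element as a list of strings."""
    if principal == "*":
        return ["*"]
    value = principal.get("AWS", [])
    return [value] if isinstance(value, str) else list(value)

def lint_statement(stmt):
    """Return findings for one bucket-policy statement (empty list = clean)."""
    findings = []
    for p in aws_principals(stmt.get("Principal", {})):
        if p == "*":
            # Anonymous access unless a Condition narrows it.
            if stmt.get("Effect") == "Allow" and "Condition" not in stmt:
                findings.append("public: Allow with Principal '*' and no Condition")
        elif "*" in p:
            # Partial wildcards are not matched inside principal ARNs.
            findings.append(f"invalid: wildcard inside principal ARN {p}")
        elif not ARN_RE.match(p):
            findings.append(f"unrecognised: {p}")
    return findings

# Constructed sample statements mirroring the three approaches in the question.
ACCOUNT = "111122223333"
SAMPLES = {
    "star": {"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject"},
    "user_wildcard": {"Effect": "Allow", "Action": "s3:GetObject",
                      "Principal": {"AWS": f"arn:aws:iam::{ACCOUNT}:user/*"}},
    "explicit_list": {"Effect": "Allow", "Action": "s3:GetObject",
                      "Principal": {"AWS": [f"arn:aws:iam::{ACCOUNT}:user/alice",
                                            f"arn:aws:iam::{ACCOUNT}:user/bob"]}},
}

if __name__ == "__main__":
    for name, stmt in SAMPLES.items():
        print(name, lint_statement(stmt) or "ok")
```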