Basics #

To apply a policy we recommend using one of the AWS SDKs (in your favorite language) or the awscli:

❯ python -m pip install awscli

Both include validation and error handling which make working with these API a much better experience than building signatures yourself and piping calls to curl.


Create/save your policy to policy.json and then apply it using the following command:

❯ aws s3api put-bucket-policy \
 --bucket \
 --policy file://policy.json

SDK Example #

For this demonstration, we utilized Golang, but the method calls will be quite similar with the SDK in your preferred programming language. To maintain brevity in the examples, we won’t reproduce this fully functional program on each individual page.

package main

import (


func main() {
  // initialize the credential session
  sess := session.Must(session.NewSession(&aws.Config{
    Region:                    aws.String("unused"),
    Credentials:               credentials.NewStaticCredentials(
    S3ForcePathStyle:          aws.Bool(true),
    DisableEndpointHostPrefix: aws.Bool(true),

  // create service client
  svc := s3.New(sess, aws.NewConfig().

  bucket := ""

  rawPolicy := map[string]interface{}{
    "Version": "2012-10-17",
    "Statement": []map[string]interface{}{
        "Effect": "Allow",
        "Action": []string{
        "Resource": []string{
          "arn:aws:s3:::" + bucket,
          "arn:aws:s3:::" + bucket + "/*",
        "Principal": "*",

  // encode to json
  policy, _ := json.Marshal(rawPolicy)

  // set policy
    Bucket: &bucket,
    Policy: aws.String(string(policy)),