AWS CloudFormation
User Guide (API Version 2010-05-15)


The AWS::S3::BucketPolicy type applies an Amazon S3 bucket policy to an Amazon S3 bucket.

AWS::S3::BucketPolicy Snippet: Declaring an Amazon S3 Bucket Policy


   "Type" : "AWS::S3::BucketPolicy",
   "Properties" : {
      "Bucket" : String,
      "PolicyDocument" : JSON



The Amazon S3 bucket that the policy applies to.

Required: Yes

Type: String

You cannot update this property. If you want to add or remove a bucket from a bucket policy, you must modify your AWS CloudFormation template by creating a new bucket policy resource and removing the old one. Then use the modified template to update your AWS CloudFormation stack.


A policy document containing permissions to add to the specified bucket. For more information, see Access Policy Language Overview in the Amazon Simple Storage Service Developer Guide.

Required: Yes

Type: JSON object

Update requires: No interruption


Example Bucket policy that allows GET requests from specific referers

The following sample is a bucket policy that is attached to the myExampleBucket bucket and allows GET requests that originate from and

"SampleBucketPolicy" : {
  "Type" : "AWS::S3::BucketPolicy",
  "Properties" : {
    "Bucket" : {"Ref" : "myExampleBucket"},
    "PolicyDocument": {
	    "Resource": { "Fn::Join" : ["", ["arn:aws:s3:::", { "Ref" : "myExampleBucket" } , "/*" ]]},