AWS Code Sample

The AWS Documentation website is getting a new look!
Try it now and let us know what you think. Switch to the new look >>

You can return to the original look by selecting English in the language selector above.


Adds a policy to an S3 bucket that denies un-encrypted uploads.

# Copyright 2010-2019, Inc. or its affiliates. All Rights Reserved. # # This file is licensed under the Apache License, Version 2.0 (the "License"). # You may not use this file except in compliance with the License. A copy of the # License is located at # # # # This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS # OF ANY KIND, either express or implied. See the License for the specific # language governing permissions and limitations under the License. require 'aws-sdk-iam' # To get user ARN; In v2: require 'aws-sdk' require 'aws-sdk-s3' region = 'us-west-2' bucket = 'my_bucket' # Get ARN for current user iam = region) user = iam.current_user arn = user.arn puts 'User ARN: ' + arn s3 = region) policy = { 'Version':'2012-10-17', 'Id':'PutObjPolicy', 'Statement':[{ 'Sid':'DenyUnEncryptedObjectUploads', 'Effect':'Deny', 'Principal':'*', 'Action':'s3:PutObject', 'Resource':'arn:aws:s3:::' + bucket + '/*', 'Condition':{ 'StringNotEquals':{ 's3:x-amz-server-side-encryption':'aws:kms' } } }] }.to_json s3.put_bucket_policy( bucket: bucket, policy: policy ) puts 'Successfully added policy to bucket ' + bucket

Sample Details

Service: s3

Last tested: 2018-03-16

Author: Doug-AWS

Type: full-example

On this page: