Supported Condition operators and keys in Bucket Policies
Diese Seite ist noch nicht in deiner Sprache verfügbar. Englische Seite aufrufen
Supported condition operators
Section titled “Supported condition operators”Condition operators are categorized as follows:
- String
- Numeric
- Boolean
- IP address
- Null check
| StringEquals | Compares a key to a string value based on exact matching (case sensitive). |
|---|---|
| StringNotEquals | Compares a key to a string value based on negated matching (case sensitive). |
| StringEqualsIgnoreCase | Compares a key to a string value based on exact matching (ignores case). |
| StringNotEqualsIgnoreCase | Compares a key to a string value based on negated matching (ignores case). |
| StringLike | Compares a key to a string value based on exact matching (case sensitive). Can include * and? wildcard characters. |
| StringNotLike | Compares a key to a string value based on negated matching (case sensitive). Can include * and? wildcard characters. |
| NumericEquals | Compares a key to a numeric value based on exact matching. |
| NumericNotEquals | Compares a key to a numeric value based on negated matching. |
| NumericGreaterThan | Compares a key to a numeric value based on greater than matching. |
| NumericGreaterThanEquals | Compares a key to a numeric value based on greater than or equals matching. |
| NumericLessThan | Compares a key to a numeric value based on less than matching. |
| NumericLessThanEquals | Compares a key to a numeric value based on less than or equals matching. |
| Bool | Compares a key to a Boolean value based on true or false matching. |
| IpAddress | Compares a key to an IP address or range of IP addresses. |
| NotIpAddress | Compares a key to an IP address or range of IP addresses based on negated matching. |
| Null | Checks if a condition key is present in the current request context. |
Supported condition keys
Section titled “Supported condition keys”| Category | Applicable condition keys | Description |
|---|---|---|
| IP operators | aws:SourceIp | Will compare to the IP address from which the request was sent. Can be used for bucket or object operations. |
| Resource/Identity | aws:username | Will compare to the sender’s username from which the request was sent. Can be used for bucket or object operations. |
| S3:ListBucketandS3:ListBucketVersions permissions | s3:delimiters3:max-keyss3:prefix | Will compare to the delimiter parameter specified in a GET Bucket or GET Bucket Object versions request.Will compare to the max-keys parameter specified in a GET Bucket or GET Bucket Object versions request.Will compare to the prefix parameter specified in a GET Bucket or GET Bucket Object versions request. |