Supported Condition operators and keys in Bucket Policies
Supported condition operators
Condition operators are categorized as follows:
- String
- Numeric
- Boolean
- IP address
- Null check

| Operator | Description |
|---|---|
| StringEquals | Compares a key to a string value based on exact matching (case sensitive). |
| StringNotEquals | Compares a key to a string value based on negated matching (case sensitive). |
| StringEqualsIgnoreCase | Compares a key to a string value based on exact matching (ignores case). |
| StringNotEqualsIgnoreCase | Compares a key to a string value based on negated matching (ignores case). |
| StringLike | Compares a key to a string value based on exact matching (case sensitive). Can include * and ? wildcard characters. |
| StringNotLike | Compares a key to a string value based on negated matching (case sensitive). Can include * and ? wildcard characters. |
| NumericEquals | Compares a key to a numeric value based on exact matching. |
| NumericNotEquals | Compares a key to a numeric value based on negated matching. |
| NumericGreaterThan | Compares a key to a numeric value based on greater than matching. |
| NumericGreaterThanEquals | Compares a key to a numeric value based on greater than or equals matching. |
| NumericLessThan | Compares a key to a numeric value based on less than matching. |
| NumericLessThanEquals | Compares a key to a numeric value based on less than or equals matching. |
| Bool | Compares a key to a Boolean value based on true or false matching. |
| IpAddress | Compares a key to an IP address or range of IP addresses. |
| NotIpAddress | Compares a key to an IP address or range of IP addresses based on negated matching. |
| Null | Checks if a condition key is present in the current request context. |
Supported condition keys
| Category | Applicable condition keys | Description |
|---|---|---|
| IP operators | aws:SourceIp | Will compare to the IP address from which the request was sent. Can be used for bucket or object operations. |
| Resource/Identity | aws:username | Will compare to the username of the sender of the request. Can be used for bucket or object operations. |
| S3:ListBucket and S3:ListBucketVersions permissions | s3:delimiter | Will compare to the delimiter parameter specified in a GET Bucket or GET Bucket Object versions request. |
| S3:ListBucket and S3:ListBucketVersions permissions | s3:max-keys | Will compare to the max-keys parameter specified in a GET Bucket or GET Bucket Object versions request. |
| S3:ListBucket and S3:ListBucketVersions permissions | s3:prefix | Will compare to the prefix parameter specified in a GET Bucket or GET Bucket Object versions request. |
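
An added example, not part of the original documentation: a small offline evaluator for `Condition` blocks built from the operators and keys listed above, for checking a condition against constructed request contexts before a policy is deployed. It assumes AWS-style semantics that this page does not spell out (every operator/key pair must hold, a list of values is OR-ed, a key missing from the request fails positive operators and satisfies negated ones); `condition_matches`, `SAMPLE_CONDITION` and all sample values are hypothetical.

```python
import operator
import re
from ipaddress import ip_address, ip_network

def _like(value, pattern):
    # StringLike: case-sensitive; only * and ? act as wildcards.
    rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    return re.fullmatch(rx, value, re.DOTALL) is not None

# Positive operators from the table: (request value, policy value) -> bool
POSITIVE = {
    "StringEquals": operator.eq,
    "StringEqualsIgnoreCase": lambda v, w: v.lower() == w.lower(),
    "StringLike": _like,
    "Bool": lambda v, w: v.lower() == w.lower(),
    "IpAddress": lambda v, w: ip_address(v) in ip_network(w, strict=False),
}
for _name, _op in {"Equals": operator.eq, "GreaterThan": operator.gt, "GreaterThanEquals": operator.ge,
                   "LessThan": operator.lt, "LessThanEquals": operator.le}.items():
    POSITIVE["Numeric" + _name] = lambda v, w, _op=_op: _op(float(v), float(w))
# Negated operators, mapped to the positive operator each one inverts.
NEGATED = {
    "StringNotEquals": "StringEquals", "StringNotEqualsIgnoreCase": "StringEqualsIgnoreCase",
    "StringNotLike": "StringLike", "NumericNotEquals": "NumericEquals", "NotIpAddress": "IpAddress",
}

def condition_matches(condition, context):
    """True when every operator/key pair holds (assumed AWS-style AND/OR rules)."""
    for op, keys in condition.items():
        for key, wanted in keys.items():
            values = wanted if isinstance(wanted, list) else [wanted]
            present = key in context
            if op == "Null":  # "true" requires the key to be absent, "false" present
                ok = any((str(w).lower() == "true") != present for w in values)
            else:
                test = POSITIVE[NEGATED.get(op, op)]
                hit = present and any(test(str(context[key]), str(w)) for w in values)
                ok = (not hit) if op in NEGATED else hit
            if not ok:
                return False
    return True

# Constructed sample: Condition block for a hypothetical bucket-listing statement.
SAMPLE_CONDITION = {
    "IpAddress": {"aws:SourceIp": ["192.0.2.0/24", "198.51.100.7"]},
    "StringLike": {"s3:prefix": "reports/2024-??/*"},
    "NumericLessThanEquals": {"s3:max-keys": "100"},
    "Null": {"s3:delimiter": "false"},
}
```

Call `condition_matches(SAMPLE_CONDITION, context)` with a dict of request values such as `{"aws:SourceIp": "192.0.2.44", ...}` to see whether a given request would satisfy the block.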