I have an IAM policy associated with an access group in an S3 compatible host. If I grant access to a bucket as a resource, it works as intended. But if I add a condition like a path or a prefix, I get access denied trying to list the bucket contents. I’m trying to only give access to certain files inside the bucket.

I have an IAM policy associated with an access group in an S3 compatible host. If I grant access to a bucket as a resource, it works as intended. But if I add a condition like a path or a prefix, I get access denied trying to list the bucket contents. I’m trying to only give access to certain files inside the bucket.

I have an IAM policy associated with an access group in an S3 compatible host. If I grant access to a bucket as a resource, it works as intended. But if I add a condition like a path or a prefix, I get access denied trying to list the bucket contents. I’m trying to only give access to certain files inside the bucket.

I have an IAM policy associated with an access group in an S3 compatible host. If I grant access to a bucket as a resource, it works as intended. But if I add a condition like a path or a prefix, I get access denied trying to list the bucket contents. I’m trying to only give access to certain files inside the bucket.

How to add the “Deny Admin” role to a principal? As per the documentation, the lowest level it can be applied to is Org Node. So does that mean it can not be applied to Folder, Projects level?