termcloud/examples/bucket-policy.json

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowReadOnlyAccess",
      "Effect": "Allow",
      "Principal": {
        "User": ["john", "jane"]
      },
      "Action": [
        "termcloud:GetObject",
        "termcloud:ListObjects"
      ],
      "Resource": [
        "arn:termcloud:s3:::my-bucket/*",
        "arn:termcloud:s3:::my-bucket"
      ]
    },
    {
      "Sid": "DenyDeleteOperations",
      "Effect": "Deny",
      "Principal": {
        "User": ["*"]
      },
      "Action": [
        "termcloud:DeleteObject",
        "termcloud:DeleteBucket"
      ],
      "Resource": [
        "arn:termcloud:s3:::my-bucket/*",
        "arn:termcloud:s3:::my-bucket"
      ],
      "Condition": {
        "StringNotEquals": {
          "termcloud:username": "admin"
        }
      }
    }
  ]
}