How to provide multiple StringNotEquals conditions in AWS policy?

Question:

I am trying to write an AWS S3 bucket policy that denies all traffic except when it comes from two VPCs. The policy I’m trying to write looks like the one below, with a logical AND between the two StringNotEquals (except it’s an invalid policy):

If I use this:

then at least one of the string comparisons returns true and the S3 bucket is not accessible from anywhere.

Answer:

Never tried this before. But the following should work. From: Using IAM Policy Conditions for Fine-Grained Access Control
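The difference between listing both VPCs under one `StringNotEquals` key and splitting them across two Deny statements, as an added example that is not part of the original question or answer. The bucket name, the VPC IDs and the simplified evaluator are assumptions made for illustration; the evaluator models only Deny statements with `StringNotEquals`, not the full IAM evaluation logic.

```python
import json

# Constructed placeholders: bucket name and VPC IDs are not from the original page.
BUCKET_ARN = "arn:aws:s3:::example-bucket"
VPC_A, VPC_B = "vpc-11111111", "vpc-22222222"

def deny_unless_vpc(values):
    """One Deny statement that fires when aws:SourceVpc matches none of `values`."""
    return {
        "Effect": "Deny",
        "Principal": "*",
        "Action": "s3:*",
        "Resource": [BUCKET_ARN, BUCKET_ARN + "/*"],
        "Condition": {"StringNotEquals": {"aws:SourceVpc": values}},
    }

# Several values under one key: negated operators combine them as NOR.
COMBINED = {"Version": "2012-10-17", "Statement": [deny_unless_vpc([VPC_A, VPC_B])]}
# One Deny statement per VPC: each is evaluated on its own, and any match denies.
SPLIT = {"Version": "2012-10-17",
         "Statement": [deny_unless_vpc(VPC_A), deny_unless_vpc(VPC_B)]}

def string_not_equals(expected, actual):
    """True when `actual` equals none of the expected values, or the key is absent."""
    expected = [expected] if isinstance(expected, str) else expected
    return actual is None or all(actual != v for v in expected)

def is_denied(policy, context):
    """Simplified model: handles only Deny statements with StringNotEquals."""
    for stmt in policy["Statement"]:
        keys = stmt["Condition"]["StringNotEquals"]
        # Multiple keys under one operator are ANDed together.
        if stmt["Effect"] == "Deny" and all(
            string_not_equals(v, context.get(k)) for k, v in keys.items()
        ):
            return True
    return False

if __name__ == "__main__":
    print(json.dumps(COMBINED, indent=2))
    for vpc in (VPC_A, VPC_B, "vpc-33333333", None):
        ctx = {"aws:SourceVpc": vpc} if vpc else {}
        print(vpc, "combined:", is_denied(COMBINED, ctx), "split:", is_denied(SPLIT, ctx))
```

`aws:SourceVpc` is only present on requests that arrive through a VPC endpoint, so a request from anywhere else has no such key and the negated condition matches, which is why the combined policy also denies console and internet access.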
