At times we want to allow or deny access to a particular S3 bucket for a particular user.
A similar case: suppose you want to give someone read-only access to your AWS infrastructure, but you don't want them looking at specific buckets.

The snippet below helps you achieve this.

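    {
        "Id": "bucketPolicy",
        "Statement": [{
            "Action": "s3:*",
            "Effect": "Deny",
            "NotPrincipal": {
                "AWS": [
                    "arn:aws:iam::<ACCOUNT_ID>:root",
                    "arn:aws:iam::<ACCOUNT_ID>:user/<ALLOWED_USER>"
                ]
            },
            "Resource": ["arn:aws:s3:::<BUCKET_NAME>", "arn:aws:s3:::<BUCKET_NAME>/*"]
        }],
        "Version": "2012-10-17"
    }

The ARNs in angle brackets are placeholders for your own values. The principals listed under `NotPrincipal` are the only ones the `Deny` does not apply to. AWS's documentation for `NotPrincipal` with `Deny` says to list the account ARN alongside the user, so that the statement does not end up denying the user as well.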
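A pre-deployment check for `Deny` + `NotPrincipal` bucket policies like the one above, added here as an example and not part of the original post. The function name, finding codes, account ID, user and bucket names are all constructed for illustration, and ARNs are compared as literal strings rather than with full wildcard matching.

```python
import json
import re

# Constructed sample: the account ID, user and bucket names are made up.
SAMPLE_POLICY = json.loads("""{
  "Id": "bucketPolicy", "Version": "2012-10-17",
  "Statement": [{
    "Action": "s3:*", "Effect": "Deny",
    "NotPrincipal": {"AWS": ["arn:aws:iam::111122223333:user/alice"]},
    "Resource": ["arn:aws:s3:::example-bucket"]
  }]
}""")

IAM_ARN = re.compile(r"^arn:aws:iam::(\d{12}):(root|user/.+|role/.+)$")
S3_PREFIX = "arn:aws:s3:::"

def as_list(value):
    """Policy elements may hold a single value or a list."""
    return value if isinstance(value, list) else [value]

def lint_deny_notprincipal(policy):
    """Return (statement_index, code) findings for Deny + NotPrincipal statements."""
    findings = []
    for i, stmt in enumerate(as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Deny" or "NotPrincipal" not in stmt:
            continue
        exempt = stmt["NotPrincipal"]
        arns = as_list(exempt.get("AWS", [])) if isinstance(exempt, dict) else []
        if not arns:
            findings.append((i, "NO_EXEMPT_PRINCIPAL"))  # Deny applies to every AWS principal
        # Accounts listed as a whole: root ARN or bare 12-digit account ID.
        accounts = {a for a in arns if re.fullmatch(r"\d{12}", a)}
        accounts |= {m.group(1) for m in map(IAM_ARN.match, arns) if m and m.group(2) == "root"}
        for m in filter(None, map(IAM_ARN.match, arns)):
            if m.group(2) != "root" and m.group(1) not in accounts:
                findings.append((i, "MISSING_ACCOUNT_ROOT"))  # user/role listed without its account
        resources = set(as_list(stmt.get("Resource", [])))
        for res in sorted(r for r in resources if r.startswith(S3_PREFIX)):
            name = res[len(S3_PREFIX):]
            if "/" in name and res.split("/", 1)[0] not in resources:
                findings.append((i, "BUCKET_NOT_COVERED"))  # bucket-level actions, e.g. listing
            elif "/" not in name and "*" not in name and res + "/*" not in resources:
                findings.append((i, "OBJECTS_NOT_COVERED"))  # object reads and writes
    return findings

if __name__ == "__main__":
    for index, code in lint_deny_notprincipal(SAMPLE_POLICY):
        print(f"Statement[{index}]: {code}")
```

Run it against the policy file before applying the policy to the bucket; an empty result means none of these gaps were found.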