The best I have been able to do so far is:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": "s3:*",
"Resource": [
"arn:aws:s3:::*"
]
}
]
}
This might be a bit too permissive for you. I suspect there is an action that needs access to all your buckets or some global feature of S3 and then you can restrict the putObject to just the bucket. But I haven’t been able to figure that out yet.
I have sent a support ticket to AWS to see if they can help.