I have a User, attached to Group level "S3 Read Only" policy and a Direct Policy "S3FullAccess". With this user, when I try to upload an object in S3, it's a success. Now in the bucket I added a DENY policy for the action "s3:PutBucketPolicy" against the user (Principal).
Now I was expecting the user would be blocked from uploading the object, but that’s not the case. Is that intended?
PutBucketPolicy is not the same as PutObject.
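
The setup from the question, run through a simplified policy evaluator (an added example, not part of the original thread and not AWS's own evaluation code). It goes one step beyond the thread by also showing a Deny on s3:PutObject, the action an upload actually uses. The account ID, user ARN, bucket name and object key are constructed, the two identity policies are reduced to the statements that matter, and the user and bucket are assumed to be in the same account.

```python
from fnmatch import fnmatchcase

# Constructed identifiers (assumptions, not taken from the question).
USER = "arn:aws:iam::111122223333:user/example-user"
BUCKET = "arn:aws:s3:::example-bucket"

# Identity-based policies on the user, reduced to their relevant statements.
IDENTITY_STATEMENTS = [
    {"Effect": "Allow", "Action": ["s3:Get*", "s3:List*"], "Resource": "*"},  # group: read only
    {"Effect": "Allow", "Action": ["s3:*"], "Resource": "*"},                 # direct: full access
]

def bucket_policy(denied_action, resource):
    """Bucket policy holding a single Deny statement aimed at USER."""
    return [{"Effect": "Deny", "Principal": USER,
             "Action": [denied_action], "Resource": resource}]

def matches(stmt, principal, action, resource):
    """True if the statement applies to this principal, action and resource."""
    if "Principal" in stmt and stmt["Principal"] != principal:
        return False
    # IAM action names are case-insensitive and may contain wildcards.
    if not any(fnmatchcase(action.lower(), a.lower()) for a in stmt["Action"]):
        return False
    return fnmatchcase(resource, stmt["Resource"])

def evaluate(principal, action, resource, statements):
    """Explicit Deny beats Allow, but only statements that match the request count."""
    hits = [s for s in statements if matches(s, principal, action, resource)]
    if any(s["Effect"] == "Deny" for s in hits):
        return "ExplicitDeny"
    if any(s["Effect"] == "Allow" for s in hits):
        return "Allow"
    return "ImplicitDeny"

def upload_decision(denied_action, deny_resource):
    """Decision for an upload (s3:PutObject) of a constructed object key."""
    statements = IDENTITY_STATEMENTS + bucket_policy(denied_action, deny_resource)
    return evaluate(USER, "s3:PutObject", BUCKET + "/report.csv", statements)

if __name__ == "__main__":
    # Deny from the question: never matches an upload request.
    print(upload_decision("s3:PutBucketPolicy", BUCKET))
    # Deny on the upload action, scoped to the bucket's objects.
    print(upload_decision("s3:PutObject", BUCKET + "/*"))
```
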