...
In the AWS Management Console, in the navigation pane, choose Policies.
On the Welcome to Managed Policies page, click Create Policy.
Choose Create Policies with the Visual Editor.
On the Visual editor tab, choose Choose a service.
Select S3 service.
Choose Select Actions and in the Access level group, select the List and Read check boxes.
In the Resources group, select Specific.
In the bucket section, click Add ARN.
In the Add ARN dialog box, type the required bucket name in the Bucket name box and click Add. For instance, set the bucket name to aquila-billing-bucket.
In the object section, click Add ARN.
In the Add ARN dialog box, type the same bucket name as used for Add ARN (in Step 9) and in the Object name box type *{}(wildcard) and select the Any check box for the Object name. Verify the bucket name and object name in the Specify ARN for Object box. For instance, for the bucket name set to aquila-billing-bucket, the text in Specify ARN for Object box is set to arn:aws:s3::: aquila-billing-bucket/{*}.
This grants permissions to any resource of aquila-billing-bucket type.Figure 3: ADD ARN FOR OBJECT SCREEN.Click Add.
Click Review policy and type Name and Description for the new policy.
Review the policy summary and click Create Policy.
AWS creates the new policy for Aquila Clouds.In the navigation pane, choose Policies.
From the policies list, select the new policy and in the Policy actions, choose Attach.
Select the IAM role for Aquila Clouds to attach to the policy and choose Attach Policy.
AWS attaches the new policy to the IAM role for Aquila Clouds.Navigate to S3 > Buckets and open the bucket for Aquila Clouds.
In the Json permissions code, set the <bucketname> to the name of the S3 bucket created for Aquila Clouds.
...