Let's talk about a situation where one needs to give a user access to a specific folder under an S3 bucket. It is somewhat similar to folder-level permissions on a *nix based system, where a user has access to his/her 'home' directory.
Scenario:
A. Objective is to give a specific user access to a specific folder under an S3 bucket;
user name: s3-sub (a least-privilege user)
Bucket: test-bucket-bijit
Sub folder: /test-bucket-bijit/s3-sub-home
B. Criteria: User "s3-sub" should only have ReadOnly access on the bucket "test-bucket-bijit" but
full access on "/test-bucket-bijit/s3-sub-home"
C. Resolution:
Let's create a custom inline policy for the user which would accomplish the Objective above.
Make sure you validate it using the policy validator.
The following policy has two blocks: in
Block 1, ReadOnly access is given to the user on the bucket "test-bucket-bijit", and in
Block 2, the user is allowed to perform all actions within "/test-bucket-bijit/s3-sub-home/".
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AllowReadOnlyOnBucket",
            "Effect": "Allow",
            "Action": [
                "s3:Get*",
                "s3:List*"
            ],
            "Resource": [
                "arn:aws:s3:::test-bucket-bijit",
                "arn:aws:s3:::test-bucket-bijit/*"
            ]
        },
        {
            "Sid": "AllowAllS3ActionsInUserFolder",
            "Effect": "Allow",
            "Action": [
                "s3:*"
            ],
            "Resource": [
                "arn:aws:s3:::test-bucket-bijit/s3-sub-home/*"
            ]
        }
    ]
}
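Beyond running the policy validator, it helps to check how the two blocks combine for concrete requests. The following is an added example, not code from the original post or from AWS: a simplified, offline policy evaluator (Allow/Deny with Action and Resource wildcards only, no Condition, NotAction or NotResource) run against the policy above, with the read-only block scoped to the bucket named in the criteria.

```python
import fnmatch
import json

# Constructed copy of the post's inline policy for user "s3-sub".
POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "AllowReadOnlyOnBucket", "Effect": "Allow",
     "Action": ["s3:Get*", "s3:List*"],
     "Resource": ["arn:aws:s3:::test-bucket-bijit",
                  "arn:aws:s3:::test-bucket-bijit/*"]},
    {"Sid": "AllowAllS3ActionsInUserFolder", "Effect": "Allow",
     "Action": ["s3:*"],
     "Resource": ["arn:aws:s3:::test-bucket-bijit/s3-sub-home/*"]}
  ]
}""")


def _as_list(value):
    # IAM accepts a single string or a list for Action and Resource.
    return value if isinstance(value, list) else [value]


def _match(pattern, value):
    # Simplified matcher (assumption): '*' matches any run of characters,
    # including '/', and '?' one character, as in IAM policy wildcards.
    return fnmatch.fnmatchcase(value, pattern)


def is_allowed(policy, action, resource):
    """Default deny; an explicit Deny overrides any Allow.
    Action names are case-insensitive, resource ARNs are not."""
    allowed = False
    for stmt in policy["Statement"]:
        hit_action = any(_match(p.lower(), action.lower())
                         for p in _as_list(stmt["Action"]))
        hit_resource = any(_match(p, resource)
                           for p in _as_list(stmt["Resource"]))
        if not (hit_action and hit_resource):
            continue
        if stmt["Effect"] == "Deny":
            return False
        allowed = True
    return allowed


if __name__ == "__main__":
    bucket = "arn:aws:s3:::test-bucket-bijit"
    for act, res in [("s3:GetObject", bucket + "/readme.txt"),
                     ("s3:PutObject", bucket + "/readme.txt"),
                     ("s3:PutObject", bucket + "/s3-sub-home/notes.txt"),
                     ("s3:GetObject", "arn:aws:s3:::other-bucket/x")]:
        print(act, res, "->", "ALLOW" if is_allowed(POLICY, act, res) else "DENY")
```

Note that "s3-sub-home/*" covers objects under the prefix but not an object whose key is exactly "s3-sub-home" (no trailing slash); the folder placeholder key "s3-sub-home/" that the console creates does match.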