Granting access to S3 resources based on role name

Backend · open · 2 answers · 951 views
南方客 2020-12-06 22:01

IAM policy variables are quite cool and let you create generic policies to, for example, give users access to paths in an S3 bucket based on their username, like this:

2 answers
  •  时光取名叫无心
    2020-12-06 22:31

    I've been looking for the same and after a lot of searching my conclusion was that it is not possible to use the role name as a variable in an IAM policy (I'd love to be proven wrong though).

    Instead, I tagged my role with a name and ended up with this:

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Action": ["s3:GetObject","s3:PutObject","s3:DeleteObject"],
                "Effect": "Allow",
                "Resource": "arn:aws:s3:::fooCorp-user-files/${aws:PrincipalTag/name}/*"
            },
            {
                "Action": "s3:ListBucket",
                "Effect": "Allow",
                "Resource": "arn:aws:s3:::fooCorp-user-files"
            }
        ]
    }
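
As an added example (it is not part of the answer above and is not AWS code), here is a small Python evaluator for the `${aws:PrincipalTag/...}` mechanism the answer relies on. It is a toy, not the IAM engine: it only substitutes `aws:PrincipalTag` variables, glob-matches `Action`, `Resource` and a `StringLike` condition, and applies the usual "explicit deny wins, otherwise any matching Allow" rule. It runs the answer's policy unchanged, then a hypothetical variant whose `s3:ListBucket` statement is scoped with an `s3:prefix` condition, through the same requests. The bucket name and the `name` tag key come from the answer; the principal tags, object keys and request prefixes are constructed for the demo. The check worth noticing: with the answer's second statement, a principal tagged `name=alice` can list `bob/` (and every other prefix in the bucket), even though it cannot read the objects there; the scoped variant closes that.

```python
"""Toy IAM policy-variable evaluator (added illustration, not AWS code).

Supports only ${aws:PrincipalTag/<key>} substitution, glob matching on
Action/Resource and a StringLike condition: enough to compare the policy from
the answer with a variant that also scopes s3:ListBucket to the caller's prefix.
"""
import fnmatch
import re

VAR_RE = re.compile(r"\$\{aws:PrincipalTag/([^}]+)\}")

# The policy as posted in the answer (bucket and tag key taken from there).
POLICY_FROM_ANSWER = {
    "Version": "2012-10-17",
    "Statement": [
        {"Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"],
         "Effect": "Allow",
         "Resource": "arn:aws:s3:::fooCorp-user-files/${aws:PrincipalTag/name}/*"},
        {"Action": "s3:ListBucket",
         "Effect": "Allow",
         "Resource": "arn:aws:s3:::fooCorp-user-files"},
    ],
}

# Hypothetical hardened variant: listing is limited to the caller's own prefix.
POLICY_SCOPED_LIST = {
    "Version": "2012-10-17",
    "Statement": [
        POLICY_FROM_ANSWER["Statement"][0],
        {"Action": "s3:ListBucket",
         "Effect": "Allow",
         "Resource": "arn:aws:s3:::fooCorp-user-files",
         "Condition": {"StringLike": {"s3:prefix": "${aws:PrincipalTag/name}/*"}}},
    ],
}


def substitute(template, principal_tags):
    """Resolve ${aws:PrincipalTag/key} from the principal's tags.

    Returns None when a referenced tag is absent; IAM then treats the
    statement as not matching, so an untagged principal gets nothing.
    """
    missing = False

    def repl(match):
        nonlocal missing
        value = principal_tags.get(match.group(1))
        if value is None:
            missing = True
            return ""
        return value

    resolved = VAR_RE.sub(repl, template)
    return None if missing else resolved


def statement_matches(stmt, action, resource, principal_tags, request_ctx):
    """True if the statement applies to this request (action, resource, conditions)."""
    actions = stmt["Action"] if isinstance(stmt["Action"], list) else [stmt["Action"]]
    if not any(fnmatch.fnmatchcase(action, pattern) for pattern in actions):
        return False
    resource_pattern = substitute(stmt["Resource"], principal_tags)
    if resource_pattern is None or not fnmatch.fnmatchcase(resource, resource_pattern):
        return False
    for operator, pairs in stmt.get("Condition", {}).items():
        assert operator == "StringLike", "toy evaluator only implements StringLike"
        for key, pattern in pairs.items():
            resolved = substitute(pattern, principal_tags)
            actual = request_ctx.get(key)  # absent condition key never matches
            if resolved is None or actual is None or not fnmatch.fnmatchcase(actual, resolved):
                return False
    return True


def is_allowed(policy, action, resource, principal_tags, request_ctx=None):
    """Explicit Deny wins; otherwise any matching Allow grants; default deny."""
    request_ctx = request_ctx or {}
    allowed = False
    for stmt in policy["Statement"]:
        if statement_matches(stmt, action, resource, principal_tags, request_ctx):
            if stmt["Effect"] == "Deny":
                return False
            allowed = True
    return allowed


if __name__ == "__main__":
    alice = {"name": "alice"}  # constructed principal tags for the demo
    bucket = "arn:aws:s3:::fooCorp-user-files"
    print("alice reads alice/:", is_allowed(POLICY_FROM_ANSWER, "s3:GetObject", bucket + "/alice/a.txt", alice))
    print("alice reads bob/:  ", is_allowed(POLICY_FROM_ANSWER, "s3:GetObject", bucket + "/bob/a.txt", alice))
    print("untagged reads:    ", is_allowed(POLICY_FROM_ANSWER, "s3:GetObject", bucket + "/alice/a.txt", {}))
    print("alice lists bob/ (answer):", is_allowed(POLICY_FROM_ANSWER, "s3:ListBucket", bucket, alice, {"s3:prefix": "bob/"}))
    print("alice lists bob/ (scoped):", is_allowed(POLICY_SCOPED_LIST, "s3:ListBucket", bucket, alice, {"s3:prefix": "bob/"}))
```

Two practical notes on the scoped variant. A `StringLike` condition on `s3:prefix` only matches when the client actually sends a prefix, so tools that first list the bucket root (the console, `aws s3 ls` on the bare bucket) are denied unless you also allow an empty prefix, which is why the AWS documentation's home-directory pattern lists `""` alongside the user's own prefix. And because `aws:PrincipalTag` is populated both from tags attached to the role and from session tags passed at `AssumeRole`, whoever can set those tags effectively chooses which prefix the role can reach; restrict `iam:TagRole` and `sts:TagSession` accordingly.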
    
