AWS IAM Policy elements for S3 read, write, list and delete objects only

aws-s3-limited-perms.txt

arn:aws:s3:::$bucket-name
  s3:ListBucket
  s3:ListBucketVersions
  s3:GetBucketTagging

arn:aws:s3:::$bucket-name/$key-name
  s3:ListMultipartUploadParts
  s3:GetObject
  s3:GetObjectVersion
  s3:GetObjectTagging
  s3:PutObject
  s3:DeleteObject
  // s3:DeleteObjectVersion - consider if this permission should be granted

Terraform policy document

data "aws_iam_policy_document" "s3_limited_rights" {

  statement {
    sid = "s3"

    effect = "Allow"

    actions = [
      "s3:ListBucket",
      "s3:ListBucketVersions",
      "s3:GetBucketTagging",
      "s3:ListMultipartUploadParts",
      "s3:GetObject",
      "s3:GetObjectVersion",
      "s3:GetObjectTagging",
      "s3:PutObject",
      "s3:DeleteObject",
    ]

    resources = [
      "arn:aws:s3:::bucket-name",             
      "arn:aws:s3:::bucket-name/*",
    ]
  }