Quick note: when you want to give each IAM user access only to their own "home directory" in an S3 bucket — that is, scope access to a key prefix containing the caller's user name — the two `statement` blocks below (written for Terraform's `aws_iam_policy_document` data source) do that. `&{aws:username}` is Terraform's escape for the IAM policy variable `${aws:username}`; writing `${aws:username}` directly would be treated as a Terraform interpolation instead.
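# Allow the caller to list the bucket, but only for three prefixes: the bucket
# root (""), "home/", and the caller's own "home/<username>/". The first two are
# what let console/CLI users navigate down to their directory; note that they
# also reveal the *names* (not the contents) of other users' home prefixes.
# Drop "" and "home/" from `values` if that is not acceptable.
#
# "&{aws:username}" is Terraform's escape for a literal "${aws:username}", so
# the rendered policy contains the IAM policy variable rather than a Terraform
# interpolation. NOTE(review): aws:username is populated for IAM users only;
# for assumed-role sessions it is absent and the condition simply never
# matches — confirm this fits the principals that will use the policy.
statement {
  effect  = "Allow"
  actions = ["s3:ListBucket"]

  resources = ["arn:aws:s3:::${var.s3_bucket_name}"]

  condition {
    test     = "StringLike"
    variable = "s3:prefix"
    values   = ["", "home/", "home/&{aws:username}/"]
  }
}

# Object-level access inside the caller's own home prefix. The bare
# "home/<username>" ARN covers an object whose key is exactly that; the "/*"
# form covers everything beneath it. "s3:*" at object scope is broader than
# read/write (it also covers object ACL and similar actions); for least
# privilege consider listing just the object actions you need, e.g.
# s3:GetObject, s3:PutObject, s3:DeleteObject.
#
# HCL blocks are not comma-separated: the original snippet had a "," between
# the two statement blocks, which is a syntax error.
statement {
  effect  = "Allow"
  actions = ["s3:*"]

  resources = [
    "arn:aws:s3:::${var.s3_bucket_name}/home/&{aws:username}",
    "arn:aws:s3:::${var.s3_bucket_name}/home/&{aws:username}/*",
  ]
}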