This grants access for a bucket to a role. The key is to get the ARN correct.
VideoBucketPolicy:
Type: AWS::S3::BucketPolicy
Properties:
Bucket: !Ref VideoBucket
PolicyDocument:
Statement:
- Action:
- "s3:Put*"
Effect: "Allow"
Resource:
Fn::Join:
- ""
- - "arn:aws:s3:::"
- Ref: VideoBucket
- "/*"
Principal:
AWS:
- !Sub "arn:aws:iam::${AWS::AccountId}:role/${UnauthenticatedUserRole}"