{
  "Version": "2008-10-17",
  "Id": "StaticBucketPolicy",
  "Statement": [
    {
      "Sid": "1",
      "Effect": "Allow",
      "Principal": {
        "AWS": "${cloudfront_arn}"
      },
      "Action": "s3:GetObject",
      "Resource": "${bucket_arn}/*"
    },
    {
      "Sid": "2",
      "Effect": "Allow",
      "Principal": {
        "AWS": "${user_arn}"
      },
      "Action": ["s3:ListBucket"],
      "Resource": "${bucket_arn}"
    },
    {
      "Sid": "3",
      "Effect": "Allow",
      "Principal": {
        "AWS": "${user_arn}"
      },
      "Action": "s3:*",
      "Resource": "${bucket_arn}/*"
    }
  ]
}