What user policy?

@codynew

Add the Amazon s3 full access policy which should look something like this

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "s3:*",
      "Resource": "*"
    }
  ]
}

If you are not comfortable with the full access policy because of security concerns, you can refer to this support to better fine tune your policy.

@codynew

Add the Amazon s3 full access policy which should look something like this

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "s3:*",
      "Resource": "*"
    }
  ]
}

If you are not comfortable with the full access policy because of security concerns, you can refer to this support to better fine tune your policy.

@phpcentre Thank you – I (think) that works as expected now.

My main concern is if someone got access to my website that they would be able to delete the other folders I have in my S3 account. Is this still at risk with the above policy?

@codynew

First of all with the above s3 full access policy, if someone get’s access to your backend,he or she cannot use the plugin to delete any folder on your s3 account, the plugin settings does not allow any delete operation. The only delete operation the plugin performs is the delete object action the plugin performs for the permission check,image resize and when a media is deleted from the wordpress admin media page that has been uploaded to s3,all these actions runs behind the scene and should not border you as such.
But if someone get’s access to the keys you saved in your config file that has this full access policy, then with those keys alone,he or she has full access to your s3 account and can perform any action including all the delete operations.
I already told you if you are concerned about the full access policy refer to this support to better fine tune it.