Let's say that I have a machine that I want to be able to write to a certain log file stored on an S3 bucket.
So, the machine needs to be able to write to that bucket, but I don't want it to have the ability to overwrite or delete any files in that bucket (including the one I want it to write to).
So basically, I want my machine to be able to only append data to that log file, without overwriting or downloading it.
Is there a way to configure my S3 to work like that? Maybe there's some IAM policy I can attach to it so it will work like I want?
Unfortunately, you can't.
S3 doesn't have an "append" operation.* Once an object has been uploaded, there is no way to modify it in place; your only option is to upload a new object to replace it, which doesn't meet your requirements.
*: Yes, I know this post is a couple of years old. It's still accurate, though.
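Since S3 offers no append, the closest you can get with IAM is a "write-only drop box": let the machine create objects but deny it reading or deleting them. The policy below is an added illustration, not something from the question or the answer above; the bucket name EXAMPLE-LOG-BUCKET and the logs/ prefix are placeholders. It assumes the machine writes each log chunk to a new key (for example one key per minute or per batch) rather than rewriting a single file, because s3:PutObject on an existing key still replaces that object.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowWriteOnlyUnderLogsPrefix",
      "Effect": "Allow",
      "Action": "s3:PutObject",
      "Resource": "arn:aws:s3:::EXAMPLE-LOG-BUCKET/logs/*"
    },
    {
      "Sid": "DenyReadDeleteAndLifecycleChanges",
      "Effect": "Deny",
      "Action": [
        "s3:GetObject",
        "s3:GetObjectVersion",
        "s3:DeleteObject",
        "s3:DeleteObjectVersion",
        "s3:PutLifecycleConfiguration"
      ],
      "Resource": [
        "arn:aws:s3:::EXAMPLE-LOG-BUCKET",
        "arn:aws:s3:::EXAMPLE-LOG-BUCKET/*"
      ]
    }
  ]
}
```

Two points to check when using something like this. First, the explicit Deny on s3:DeleteObjectVersion only matters if versioning is enabled on the bucket; with versioning on, an overwrite leaves the previous version in place and this policy keeps the machine from removing it, which is as close to "cannot destroy what it already wrote" as IAM gets. Second, the Deny on s3:PutLifecycleConfiguration closes the side door of the machine configuring an expiration rule that would delete the logs for it. None of this gives you an append operation; it only limits the damage a compromised writer can do to what it has already uploaded.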