// Example: ${aws:username}
{"Resource": ["arn:aws:s3:::mybucket/${aws:username}/*"]}

AWS Specific

// aws:CurrentTime, aws:TokenIssueTime, aws:principaltype, 
// aws:SecureTransport, aws:SourceIp, aws:userid, 
// ec2:SourceInstanceARN

Service Specific

// s3:prefix, s3:max-keys, s3:x-amz-acl, sns:Endpoint, sns:Protocol...

Tag Based:

// iam:ResourceTag/key-name
// aws:PrincipalTag/key-name...