awsのpolicyの作り方を教えてください

{
  "Version": "2012-10-11",
  "Id": "Policy1503119012324",
  "Statement": [{
    "Sid": "Stmt15031190096534",
    "Effect": "Deny",
    "Principal": "*",
    "Action": "*",
    "Resource": "arn:aws:s3:::mybucket/*",
    "Condition": {
      ここで特定のIAMユーザーを例外にしたい
    }
  }]
}