How to give permission to an IAM group in S3 Bucket policy

I want to be able to specify an iam group as the principal within my policy but i have been reading that you cannot specify an iam group as part of a resource based policy. I could potentially add in a list of iam users but then my policy would look really messy. What is the best approach to take if i cannot add an iam group arn as the principal within my policy.

If you cannot specify an IAM group as the principal in a resource-based policy, you have a few options:

1. Attach the policy directly to the IAM users: In this case, you would
   need to specify each IAM user ARN in the policy. This approach can
   quickly become messy and difficult to manage as the number of IAM
   users grows.

2. Use an IAM role: An IAM role is a way to grant permissions to AWS
   services or applications that run on AWS. You can create an IAM role
   that can be assumed by IAM users or IAM groups. You can then specify
   the IAM role in the policy instead of the IAM users or IAM groups.
   This approach provides a cleaner and more scalable way to manage
   permissions.

3. Use a service control policy (SCP): An SCP is a type of policy that
   is used to set permissions boundaries for an AWS account. You can
   use an SCP to allow or deny access to AWS services for IAM groups,
   IAM users, or IAM roles. This allows you to manage permissions for
   multiple users in a centralized and organized manner.

I would recommend option 2 or 3 as the best approach, as they provide a cleaner and more scalable way to manage permissions compared to specifying individual IAM user ARNs in the policy.