Supported Permissions in Bucket Policies
Last updated on
Permissions that apply to buckets
Section titled “Permissions that apply to buckets”| Permissions | S3 REST API operations |
|---|---|
| s3:CreateBucket | PUT Bucket |
| s3:DeleteBucket | DELETE Bucket |
| s3:DeleteBucketPolicy | DELETE Bucket policy |
| s3:GetBucketCORS | GET Bucket cors |
| s3:GetEncryptionConfiguration | GET Bucket encryption |
| s3:GetBucketLastAccessTime | GET Bucket last access time |
| s3:GetBucketLocation | GET Bucket location |
| s3:GetBucketPolicy | GET Bucket policy |
| s3:GetBucketTagging | GET Bucket tagging |
| s3:GetBucketVersioning | GET Bucket versioning |
| s3:GetLifecycleConfiguration | GET Bucket lifecycle |
| s3:ListAllMyBuckets | GET ServiceGET Storage Usage |
| s3:ListBucket | GET Bucket (List Objects) HEAD Bucket POST Object restore |
| s3:ListBucketMultipartUploads | List Multipart Uploads POST Object restore |
| s3:ListBucketVersions | GET Bucket versions |
| s3:PutBucketCORS | DELETE Bucket cors† PUT Bucket cors |
| s3:PutEncryptionConfiguration | DELETE Bucket encryption PUT Bucket encryption |
| s3:PutBucketLastAccessTime | PUT Bucket last access time |
| s3:PutBucketPolicy | PUT Bucket policy |
| s3:PutBucketTagging | DELETE Bucket tagging† PUT Bucket tagging |
| s3:PutBucketVersioning | PUT Bucket versioning |
| s3:PutLifecycleConfiguration | DELETE Bucket lifecycle† PUT Bucket lifecycle |
Permissions that apply to objects
Section titled “Permissions that apply to objects”| Permissions | S3 REST API operations |
|---|---|
| s3:AbortMultipartUpload | Abort Multipart Upload POST Object restore |
| s3:DeleteObject | DELETE Object DELETE Multiple Objects POST Object restore |
| s3:DeleteObjectTagging | DELETE Object Tagging |
| s3:DeleteObjectVersionTagging | DELETE Object Tagging (a specific version of the object) |
| s3:DeleteObjectVersion | DELETE Object (a specific version of the object) |
| s3:GetObject | GET Object HEAD Object POST Object restore |
| s3:GetObjectTagging | GET Object Tagging |
| s3:GetObjectVersionTagging | GET Object Tagging (a specific version of the object) |
| s3:GetObjectVersion | GET Object (a specific version of the object) |
| s3:ListMultipartUploadParts | List Parts, POST Object restore |
| s3:PutObject | PUT Object PUT Object - Copy POST Object restore Initiate Multipart Upload Upload Part Complete Multipart Upload Upload Part - Copy |
| s3:PutObjectTagging | PUT Object Tagging |
| s3:PutObjectVersionTagging | PUT Object Tagging (a specific version of the object) |
| s3:PutOverwriteObject | PUT Object PUT Object - Copy PUT Object tagging Complete Multipart Upload DELETE Object tagging |