Supported Permissions in Bucket Policies
Permissions that apply to buckets
Section titled “Permissions that apply to buckets”| Permissions | S3 REST API operations |
|---|---|
| s3:CreateBucket | PUT Bucket |
| s3:DeleteBucket | DELETE Bucket |
| s3:DeleteBucketPolicy | DELETE Bucket policy |
| s3:GetBucketCORS | GET Bucket cors |
| s3:GetEncryptionConfiguration | GET Bucket encryption |
| s3:GetBucketLastAccessTime | GET Bucket last access time |
| s3:GetBucketLocation | GET Bucket location |
| s3:GetBucketPolicy | GET Bucket policy |
| s3:GetBucketTagging | GET Bucket tagging |
| s3:GetBucketVersioning | GET Bucket versioning |
| s3:GetLifecycleConfiguration | GET Bucket lifecycle |
| s3:ListAllMyBuckets | GET ServiceGET Storage Usage |
| s3:ListBucket | GET Bucket (List Objects)HEAD BucketPOST Object restore |
| s3:ListBucketMultipartUploads | List Multipart UploadsPOST Object restore |
| s3:ListBucketVersions | GET Bucket versions |
| s3:PutBucketCORS | DELETE Bucket cors†PUT Bucket cors |
| s3:PutEncryptionConfiguration | DELETE Bucket encryptionPUT Bucket encryption |
| s3:PutBucketLastAccessTime | PUT Bucket last access time |
| s3:PutBucketPolicy | PUT Bucket policy |
| s3:PutBucketTagging | DELETE Bucket tagging†PUT Bucket tagging |
| s3:PutBucketVersioning | PUT Bucket versioning |
| s3:PutLifecycleConfiguration | DELETE Bucket lifecycle†PUT Bucket lifecycle |
Permissions that apply to objects
Section titled “Permissions that apply to objects”| Permissions | S3 REST API operations |
|---|---|
| s3:AbortMultipartUpload | Abort Multipart UploadPOST Object restore |
| s3:DeleteObject | DELETE ObjectDELETE Multiple ObjectsPOST Object restore |
| s3:DeleteObjectTagging | DELETE Object Tagging |
| s3:DeleteObjectVersionTagging | DELETE Object Tagging (a specific version of the object) |
| s3:DeleteObjectVersion | DELETE Object (a specific version of the object) |
| s3:GetObject | GET ObjectHEAD ObjectPOST Object restore |
| s3:GetObjectTagging | GET Object Tagging |
| s3:GetObjectVersionTagging | GET Object Tagging (a specific version of the object) |
| s3:GetObjectVersion | GET Object (a specific version of the object) |
| s3:ListMultipartUploadParts | List Parts, POST Object restore |
| s3:PutObject | PUT ObjectPUT Object - CopyPOST Object restoreInitiate Multipart UploadUpload PartComplete Multipart UploadUpload Part - Copy |
| s3:PutObjectTagging | PUT Object Tagging |
| s3:PutObjectVersionTagging | PUT Object Tagging (a specific version of the object) |
| s3:PutOverwriteObject | PUT ObjectPUT Object - CopyPUT Object taggingComplete Multipart UploadDELETE Object tagging |