Go to
Open table of content Jump to
Thank you! Your opinion helps us make better documentation.
Home Object Storage Additional Content Amazon S3 and I … ons equivalence Amazon S3 and IAM permissions equivalence Below is a list of Object Storage API actions authorized for each permission set . Actions that are not explicitly authorized in a permission set are denied by default.
Object Storage action Bucket policy action required CreateBucket - AbortMultipartUpload s3:AbortMultipartUpload CompleteMultipartUpload s3:PutObject CopyObject s3:PutObject CreateMultipartUpload s3:PutObject DeleteBucketCors s3:PutBucketCORS DeleteBucketLifecycleConfiguration s3:PutLifecycleConfiguration DeleteBucketTagging s3:PutBucketTagging DeleteBucketWebsite s3:DeleteBucketWebsite DeleteObject (with a versionId specified) s3:DeleteObjectVersion DeleteObject s3:DeleteObject DeleteObjects (with a versionId specified) s3:DeleteObjectVersion DeleteObjects s3:DeleteObject DeleteObjectTagging (with a versionId specified) s3:DeleteObjectVersionTagging DeleteObjectTagging s3:DeleteObjectTagging GetBucketAcl s3:GetBucketAcl GetBucketCors s3:GetBucketCORS GetBucketLifecycleConfiguration s3:GetLifecycleConfiguration GetBucketLocation s3:GetBucketLocation GetBucketTagging s3:GetBucketTagging GetBucketVersioning s3:GetBucketVersioning GetBucketWebsite s3:GetBucketWebsite GetObject (with a versionId specified) s3:GetObjectVersion GetObject s3:GetObject GetObjectAcl s3:GetObjectAcl GetObjectAttributes (with a versionId specified) s3:GetObjectVersionAttributes GetObjectAttributes s3:GetObjectAttributes GetObjectLegalHold s3:GetObjectLegalHold GetObjectLockConfiguration s3:GetBucketObjectLockConfiguration GetObjectRetention s3:GetObjectRetention GetObjectTagging (with a versionId specified) s3:GetObjectVersionTagging GetObjectTagging s3:GetObjectTagging HeadBucket s3:ListBucket HeadObject s3:GetObject ListMultipartUploads s3:ListBucketMultipartUploads ListObjects s3:ListBucket ListObjectsV2 s3:ListBucket ListObjectVersions s3:ListBucketVersions ListParts s3:ListMultipartUploadParts PostObject s3:PutObject PutBucketAcl s3:PutBucketAcl PutBucketCors s3:PutBucketCORS PutBucketLifecycleConfiguration s3:PutLifecycleConfiguration PutBucketTagging s3:PutBucketTagging PutBucketVersioning s3:PutBucketVersioning PutBucketWebsite s3:PutBucketWebsite PutObject s3:PutObject PutObjectAcl s3:PutObjectAcl PutObjectLegalHold s3:PutObjectLegalHold PutObjectLockConfiguration s3:PutBucketObjectLockConfiguration PutObjectRetention s3:PutObjectRetention PutObjectTagging (with a versionId specified) s3:PutObjectVersionTagging PutObjectTagging s3:PutObjectTagging RestoreObject s3:RestoreObject UploadPart s3:PutObject UploadPartCopy s3:PutObject
Object Storage action Bucket policy action required GetBucketAcl s3:GetBucketAcl GetBucketCors s3:GetBucketCORS GetBucketLifecycleConfiguration s3:GetLifecycleConfiguration GetBucketLocation s3:GetBucketLocation GetBucketTagging s3:GetBucketTagging GetBucketVersioning s3:GetBucketVersioning GetBucketWebsite s3:GetBucketWebsite GetObject (with a versionId specified) s3:GetObjectVersion GetObject s3:GetObject GetObjectAcl s3:GetObjectAcl GetObjectAttributes (with a versionId specified) s3:GetObjectVersionAttributes GetObjectAttributes s3:GetObjectAttributes GetObjectLegalHold s3:GetObjectLegalHold GetObjectLockConfiguration s3:GetBucketObjectLockConfiguration GetObjectRetention s3:GetObjectRetention GetObjectTagging (with a versionId specified) s3:GetObjectVersionTagging GetObjectTagging s3:GetObjectTagging HeadBucket s3:ListBucket HeadObject s3:GetObject ListBuckets s3:ListBucket ListMultipartUploads s3:ListBucketMultipartUploads ListObjects s3:ListBucket ListObjectsV2 s3:ListBucket ListObjectVersions s3:ListBucketVersions ListParts s3:ListMultipartUploadParts
Object Storage action Bucket policy action required GetBucketAcl s3:GetBucketAcl GetBucketCors s3:GetBucketCORS GetBucketLifecycleConfiguration s3:GetLifecycleConfiguration GetBucketLocation s3:GetBucketLocation GetBucketTagging s3:GetBucketTagging GetBucketVersioning s3:GetBucketVersioning GetBucketWebsite s3:GetBucketWebsite HeadBucket s3:ListBucket ListBuckets s3:ListBucket
Object Storage action Bucket policy action required CreateBucket - DeleteBucketCors s3:PutBucketCORS DeleteBucketLifecycleConfiguration s3:PutLifecycleConfiguration DeleteBucketTagging s3:PutBucketTagging DeleteBucketWebsite s3:DeleteBucketWebsite PutBucketAcl s3:PutBucketAcl PutBucketCors s3:PutBucketCORS PutBucketLifecycleConfiguration s3:PutLifecycleConfiguration PutBucketTagging s3:PutBucketTagging PutBucketVersioning s3:PutBucketVersioning PutBucketWebsite s3:PutBucketWebsite
Object Storage action Bucket policy action required DeleteBucket s3:DeleteBucket
Object Storage action Bucket policy action required GetObject (with a versionId specified) s3:GetObjectVersion GetObject s3:GetObject GetObjectAcl s3:GetObjectAcl GetObjectAttributes (with a versionId specified) s3:GetObjectVersionAttributes GetObjectAttributes s3:GetObjectAttributes GetObjectLegalHold s3:GetObjectLegalHold GetObjectLockConfiguration s3:GetBucketObjectLockConfiguration GetObjectRetention s3:GetObjectRetention GetObjectTagging (with a versionId specified) s3:GetObjectVersionTagging GetObjectTagging s3:GetObjectTagging HeadObject s3:GetObject ListMultipartUploads s3:ListBucketMultipartUploads ListObjects s3:ListBucket ListObjectsV2 s3:ListBucket ListObjectVersions s3:ListBucketVersions ListParts s3:ListMultipartUploadParts
Object Storage action Bucket policy action required CompleteMultipartUpload s3:PutObject CopyObject s3:PutObject CreateMultipartUpload s3:PutObject DeleteObjectTagging (with a versionId specified) s3:DeleteObjectVersionTagging DeleteObjectTagging s3:DeleteObjectTagging PostObject s3:PutObject PutObject s3:PutObject PutObjectAcl s3:PutObjectAcl PutObjectLegalHold s3:PutObjectLegalHold PutObjectLockConfiguration s3:PutBucketObjectLockConfiguration PutObjectRetention s3:PutObjectRetention PutObjectTagging (with a versionId specified) s3:PutObjectVersionTagging PutObjectTagging s3:PutObjectTagging RestoreObject s3:RestoreObject UploadPart s3:PutObject UploadPartCopy s3:PutObject
Object Storage action Bucket policy action required AbortMultipartUpload s3:AbortMultipartUpload DeleteObject (with a versionId specified) s3:DeleteObjectVersion DeleteObject s3:DeleteObject DeleteObjects (with a versionId specified) s3:DeleteObjectVersion DeleteObjects s3:DeleteObject