Required permissions for Amazon S3 API operations
(Required) s3:CreateBucket
Required to create a new S3 bucket.
(Conditionally required) s3:PutBucketAcl
Required if you want to use an access control list (ACL) to specify permissions on a bucket when you make a CreateBucket request.
(Conditionally required) s3:PutBucketObjectLockConfiguration, s3:PutBucketVersioning
Required if you want to enable Object Lock when you create a bucket.
(Conditionally required) s3:PutBucketOwnershipControls
Required if you want to specify S3 Object Ownership when you create a bucket.
CreateBucketMetadataTableConfiguration
(Required) s3:CreateBucketMetadataTableConfiguration, s3tables:CreateNamespace, s3tables:CreateTable, s3tables:GetTable, s3tables:PutTablePolicy
Required to create a metadata table configuration on a general purpose bucket.
To create the metadata table in the table bucket that's specified in your metadata table configuration, you must have the specified s3tables permissions.
If you also want to integrate your table bucket with AWS analytics services so that you can query your metadata table, you need additional permissions. For more information, see Integrating Amazon S3 Tables with AWS analytics services.
(Required) s3:DeleteBucket
Required to delete an S3 bucket.
DeleteBucketAnalyticsConfiguration
(Required) s3:PutAnalyticsConfiguration
Required to delete an S3 analytics configuration from an S3 bucket.
(Required) s3:PutBucketCORS
Required to delete the cross-origin resource sharing (CORS) configuration for an S3 bucket.
(Required) s3:PutEncryptionConfiguration
Required to reset the default encryption configuration for an S3 bucket as server-side encryption with Amazon S3 managed keys (SSE-S3).
DeleteBucketIntelligentTieringConfiguration
(Required) s3:PutIntelligentTieringConfiguration
Required to delete the existing S3 Intelligent-Tiering configuration from an S3 bucket.
DeleteBucketInventoryConfiguration
(Required) s3:PutInventoryConfiguration
Required to delete an S3 Inventory configuration from an S3 bucket.
(Required) s3:PutLifecycleConfiguration
Required to delete the S3 Lifecycle configuration for an S3 bucket.
DeleteBucketMetadataTableConfiguration
(Required) s3:DeleteBucketMetadataTableConfiguration
Required to delete a metadata table configuration from a general purpose bucket.
DeleteBucketMetricsConfiguration
(Required) s3:PutMetricsConfiguration
Required to delete a metrics configuration for the Amazon CloudWatch request metrics from an S3 bucket.
(Required) s3:PutBucketOwnershipControls
Required to remove the Object Ownership setting for an S3 bucket. After removal, the Object Ownership setting becomes Object writer.
(Required) s3:DeleteBucketPolicy
Required to delete the policy of an S3 bucket.
(Required) s3:PutReplicationConfiguration
Required to delete the replication configuration of an S3 bucket.
(Required) s3:PutBucketTagging
Required to delete tags from an S3 bucket.
(Required) s3:DeleteBucketWebsite
Required to remove the website configuration for an S3 bucket.
DeletePublicAccessBlock (Bucket-level)
(Required) s3:PutBucketPublicAccessBlock
Required to remove the block public access configuration for an S3 bucket.
GetBucketAccelerateConfiguration
(Required) s3:GetAccelerateConfiguration
Required to use the accelerate subresource to return the Amazon S3 Transfer Acceleration state of a bucket, which is either Enabled or Suspended.
(Required) s3:GetBucketAcl
Required to return the access control list (ACL) of an S3 bucket.
GetBucketAnalyticsConfiguration
(Required) s3:GetAnalyticsConfiguration
Required to return an analytics configuration that's identified by the analytics configuration ID from an S3 bucket.
(Required) s3:GetBucketCORS
Required to return the cross-origin resource sharing (CORS) configuration for an S3 bucket.
(Required) s3:GetEncryptionConfiguration
Required to return the default encryption configuration for an S3 bucket.
GetBucketIntelligentTieringConfiguration
(Required) s3:GetIntelligentTieringConfiguration
Required to get the S3 Intelligent-Tiering configuration of an S3 bucket.
GetBucketInventoryConfiguration
(Required) s3:GetInventoryConfiguration
Required to return an inventory configuration that's identified by the inventory configuration ID from the bucket.
(Required) s3:GetLifecycleConfiguration
Required to return the S3 Lifecycle configuration of the bucket.
(Required) s3:GetBucketLocation
Required to return the AWS Region that an S3 bucket resides in.
(Required) s3:GetBucketLogging
Required to return the logging status of an S3 bucket and the permissions that users have to view and modify that status.
GetBucketMetadataTableConfiguration
(Required) s3:GetBucketMetadataTableConfiguration
Required to retrieve a metadata table configuration for a general purpose bucket.
(Required) s3:GetMetricsConfiguration
Required to get a metrics configuration that's specified by the metrics configuration ID from the bucket.
GetBucketNotificationConfiguration
(Required) s3:GetBucketNotification
Required to return the notification configuration of an S3 bucket.
(Required) s3:GetBucketOwnershipControls
Required to retrieve the Object Ownership setting for an S3 bucket.
(Required) s3:GetBucketPolicy
Required to return the policy of an S3 bucket.
(Required) s3:GetBucketPolicyStatus
Required to retrieve the policy status for an S3 bucket, indicating whether the bucket is public.
(Required) s3:GetReplicationConfiguration
Required to return the replication configuration of an S3 bucket.
(Required) s3:GetBucketRequestPayment
Required to return the request payment configuration for an S3 bucket.
(Required) s3:GetBucketVersioning
Required to return the versioning state of an S3 bucket.
(Required) s3:GetBucketTagging
Required to return the tag set that's associated with an S3 bucket.
(Required) s3:GetBucketWebsite
Required to return the website configuration for an S3 bucket.
(Required) s3:GetBucketObjectLockConfiguration
Required to get the Object Lock configuration for an S3 bucket.
GetPublicAccessBlock (Bucket-level)
(Required) s3:GetBucketPublicAccessBlock
Required to retrieve the block public access configuration for an S3 bucket.
(Required) s3:ListBucket
Required to determine if a bucket exists and if you have permission to access it.
ListBucketAnalyticsConfigurations
(Required) s3:GetAnalyticsConfiguration
Required to list the analytics configurations for an S3 bucket.
ListBucketIntelligentTieringConfigurations
(Required) s3:GetIntelligentTieringConfiguration
Required to list the S3 Intelligent-Tiering configurations of an S3 bucket.
ListBucketInventoryConfigurations
(Required) s3:GetInventoryConfiguration
Required to return a list of inventory configurations for an S3 bucket.
ListBucketMetricsConfigurations
(Required) s3:GetMetricsConfiguration
Required to list the metrics configurations for an S3 bucket.
(Required) s3:ListBucket
Required to list some or all (up to 1,000) of the objects in an S3 bucket.
(Conditionally required) s3:GetObjectAcl
Required if you want to display object owner information.
(Required) s3:ListBucket
Required to list some or all (up to 1,000) of the objects in an S3 bucket.
(Conditionally required) s3:GetObjectAcl
Required if you want to display object owner information.
(Required) s3:ListBucketVersions
Required to get metadata about all the versions of objects in an S3 bucket.
PutBucketAccelerateConfiguration
(Required) s3:PutAccelerateConfiguration
Required to set the accelerate configuration of an existing bucket.
(Required) s3:PutBucketAcl
Required to use access control lists (ACLs) to set the permissions on an existing bucket.
PutBucketAnalyticsConfiguration
(Required) s3:PutAnalyticsConfiguration
Required to set an analytics configuration for an S3 bucket.
(Required) s3:PutBucketCORS
Required to set the cross-origin resource sharing (CORS) configuration for an S3 bucket.
(Required) s3:PutEncryptionConfiguration
Required to configure the default encryption for an S3 bucket.
PutBucketIntelligentTieringConfiguration
(Required) s3:PutIntelligentTieringConfiguration
Required to put the S3 Intelligent-Tiering configuration to an S3 bucket.
PutBucketInventoryConfiguration
(Required) s3:PutInventoryConfiguration
Required to add an inventory configuration to an S3 bucket.
(Required) s3:PutLifecycleConfiguration
Required to create a new S3 Lifecycle configuration or replace an existing lifecycle configuration for an S3 bucket.
(Required) s3:PutBucketLogging
Required to set the logging parameters for an S3 bucket and specify permissions for who can view and modify the logging parameters.
(Required) s3:PutMetricsConfiguration
Required to set or update a metrics configuration for the Amazon CloudWatch request metrics of an S3 bucket.
PutBucketNotificationConfiguration
(Required) s3:PutBucketNotification
Required to enable notifications of specified events for an S3 bucket.
(Required) s3:PutBucketOwnershipControls
Required to create or modify the Object Ownership setting for an S3 bucket.
(Required) s3:PutBucketPolicy
Required to apply an S3 bucket policy to a bucket.
(Required) s3:PutReplicationConfiguration
Required to create a new replication configuration or replace an existing one for an S3 bucket.
(Required) s3:PutBucketRequestPayment
Required to set the request payment configuration for a bucket.
(Required) s3:PutBucketTagging
Required to add a set of tags to an S3 bucket.
(Required) s3:PutBucketVersioning
Required to set the versioning state of an S3 bucket.
(Required) s3:PutBucketWebsite
Required to configure a bucket as a website and set the configuration of the website.
(Required) s3:PutBucketObjectLockConfiguration
Required to put Object Lock configuration on an S3 bucket.
PutPublicAccessBlock (Bucket-level)
(Required) s3:PutBucketPublicAccessBlock
Required to create or modify the block public access configuration for an S3 bucket.
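Several delete operations in the list above are authorized by a Put* action rather than a Delete* action, so a policy review that searches only for "Delete" misses them. The following check is an added example, not part of the AWS documentation: it reports which of the delete operations named on this page an identity policy allows. The function names and the sample policy are constructed for illustration, and the evaluation is simplified (it ignores Resource, Condition, NotAction, and other policy types).

```python
import fnmatch

# Delete operations named on this page and the IAM action each one requires.
# Most are authorized by a Put* action, not a Delete* action.
DELETE_OP_ACTION = {
    "DeleteBucketAnalyticsConfiguration": "s3:PutAnalyticsConfiguration",
    "DeleteBucketIntelligentTieringConfiguration": "s3:PutIntelligentTieringConfiguration",
    "DeleteBucketInventoryConfiguration": "s3:PutInventoryConfiguration",
    "DeleteBucketMetadataTableConfiguration": "s3:DeleteBucketMetadataTableConfiguration",
    "DeleteBucketMetricsConfiguration": "s3:PutMetricsConfiguration",
    "DeletePublicAccessBlock": "s3:PutBucketPublicAccessBlock",
}

def _as_list(value):
    # Policy JSON allows a single string or object where a list is expected.
    return value if isinstance(value, list) else [value]

def _matches(patterns, action):
    # IAM action names are case-insensitive; * and ? act as wildcards.
    return any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in patterns)

def delete_ops_granted(policy):
    """Return the delete operations (from the table above) that a policy allows.

    Simplified evaluation: an explicit Deny on the action always wins;
    Resource, Condition and NotAction are not evaluated.
    """
    allowed, denied = [], []
    for stmt in _as_list(policy.get("Statement", [])):
        actions = _as_list(stmt.get("Action", []))
        (allowed if stmt.get("Effect") == "Allow" else denied).extend(actions)
    return sorted(
        op for op, action in DELETE_OP_ACTION.items()
        if _matches(allowed, action) and not _matches(denied, action)
    )

# Constructed sample: a "configuration writer" policy with no Delete* action in it.
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Resource": "*",
         "Action": ["s3:Get*", "s3:Put*Configuration", "s3:PutBucketPublicAccessBlock"]},
        {"Effect": "Deny", "Resource": "*", "Action": "s3:PutInventoryConfiguration"},
    ],
}

if __name__ == "__main__":
    for op in delete_ops_granted(SAMPLE_POLICY):
        print(f"{op} is allowed via {DELETE_OP_ACTION[op]}")
```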