Was this page helpful?

Amazon S3 and IAM permissions equivalence

ObjectStorageFullAccessLink to this anchor

Amazon S3 Action	IAM Resource	IAM Action	Authorized
DeleteBucketPolicy	Policy	Write	✅
GetBucketPolicy	Policy	Read	✅
GetBucketPolicyStatus	Policy	Read	✅
PutBucketPolicy	Policy	Write	✅
CreateBucket	Bucket	Create	✅
DeleteBucket	Bucket	Delete	✅
DeleteBucketCors	Bucket	Write	✅
DeleteBucketLifecycle	Bucket	Write	✅
DeleteBucketTagging	Bucket	Write	✅
DeleteBucketWebsite	Bucket	Write	✅
GetBucketAcl	Bucket	Read	✅
GetBucketCors	Bucket	Read	✅
GetBucketLifecycleConfiguration	Bucket	Read	✅
GetBucketLocation	Bucket	Read	✅
GetBucketTagging	Bucket	Read	✅
GetBucketVersioning	Bucket	Read	✅
GetBucketWebsite	Bucket	Read	✅
HeadBucket	Bucket	Read	✅
ListBuckets	Bucket	List	✅
PutBucketAcl	Bucket	Write	✅
PutBucketCors	Bucket	Write	✅
PutBucketLifecycleConfiguration	Bucket	Write	✅
PutBucketTagging	Bucket	Write	✅
PutBucketVersioning	Bucket	Write	✅
PutBucketWebsite	Bucket	Write	✅
AbortMultipartUpload	Object	Delete	✅
CompleteMultipartUpload	Object	Create	✅
CopyObject	Object	Write	✅
CreateMultipartUpload	Object	Create	✅
DeleteObject	Object	Delete	✅
DeleteObjects	Object	Delete	✅
DeleteObjectTagging	Object	Write	✅
GetObject	Object	Read	✅
GetObjectAcl	Object	Read	✅
GetObjectLegalHold	Object	Read	✅
GetObjectLockConfiguration	Object	Read	✅
GetObjectRetention	Object	Read	✅
GetObjectTagging	Object	Read	✅
HeadObject	Object	Read	✅
ListMultipartUploads	Object	List	✅
ListObjects	Object	List	✅
ListObjectsV2	Object	List	✅
ListObjectVersions	Object	List	✅
ListParts	Object	List	✅
PutObject	Object	Create	✅
PutObjectAcl	Object	Write	✅
PutObjectLegalHold	Object	Write	✅
PutObjectLockConfiguration	Object	Write	✅
PutObjectRetention	Object	Write	✅
PutObjectTagging	Object	Write	✅
RestoreObject	Object	Write	✅
UploadPart	Object	Write	✅
UploadPartCopy	Object	Write	✅
PostObject	Object	Create	✅

ObjectStorageReadOnlyLink to this anchor

Amazon S3 Action	IAM Resource	IAM Action	Authorized
AbortMultipartUpload	Object	Delete
CompleteMultipartUpload	Object	Create
CopyObject	Object	Write
CreateBucket	Bucket	Create
CreateMultipartUpload	Object	Create
DeleteBucket	Bucket	Delete
DeleteBucketCors	Bucket	Write
DeleteBucketLifecycle	Bucket	Write
DeleteBucketPolicy	Policy	Write
DeleteBucketTagging	Bucket	Write
DeleteBucketWebsite	Bucket	Write
DeleteObject	Object	Delete
DeleteObjects	Object	Delete
DeleteObjectTagging	Object	Write
GetBucketAcl	Bucket	Read	✅
GetBucketCors	Bucket	Read	✅
GetBucketLifecycleConfiguration	Bucket	Read	✅
GetBucketLocation	Bucket	Read	✅
GetBucketPolicy	Policy	Read	✅
GetBucketPolicyStatus	Policy	Read	✅
GetBucketTagging	Bucket	Read	✅
GetBucketVersioning	Bucket	Read	✅
GetBucketWebsite	Bucket	Read	✅
GetObject	Object	Read	✅
GetObjectAcl	Object	Read	✅
GetObjectLegalHold	Object	Read	✅
GetObjectLockConfiguration	Object	Read	✅
GetObjectRetention	Object	Read	✅
GetObjectTagging	Object	Read	✅
HeadBucket	Bucket	Read	✅
HeadObject	Object	Read	✅
ListBuckets	Bucket	List	✅
ListMultipartUploads	Object	List	✅
ListObjects	Object	List	✅
ListObjectsV2	Object	List	✅
ListObjectVersions	Object	List	✅
ListParts	Object	List	✅
PostObject	Object	Create
PutBucketAcl	Bucket	Write
PutBucketCors	Bucket	Write
PutBucketLifecycleConfiguration	Bucket	Write
PutBucketPolicy	Policy	Write
PutBucketTagging	Bucket	Write
PutBucketVersioning	Bucket	Write
PutBucketWebsite	Bucket	Write
PutObject	Object	Create
PutObjectAcl	Object	Write
PutObjectLegalHold	Object	Write
PutObjectLockConfiguration	Object	Write
PutObjectRetention	Object	Write
PutObjectTagging	Object	Write
RestoreObject	Object	Write
UploadPart	Object	Write
UploadPartCopy	Object	Write

ObjectStorageBucketsReadLink to this anchor

Amazon S3 Action	IAM Resource	IAM Action	Authorized
AbortMultipartUpload	Object	Delete
CompleteMultipartUpload	Object	Create
CopyObject	Object	Write
CreateBucket	Bucket	Create
CreateMultipartUpload	Object	Create
DeleteBucket	Bucket	Delete
DeleteBucketCors	Bucket	Write
DeleteBucketLifecycle	Bucket	Write
DeleteBucketPolicy	Policy	Write
DeleteBucketTagging	Bucket	Write
DeleteBucketWebsite	Bucket	Write
DeleteObject	Object	Delete
DeleteObjects	Object	Delete
DeleteObjectTagging	Object	Write
GetBucketAcl	Bucket	Read	✅
GetBucketCors	Bucket	Read	✅
GetBucketLifecycleConfiguration	Bucket	Read	✅
GetBucketLocation	Bucket	Read	✅
GetBucketPolicy	Policy	Read
GetBucketPolicyStatus	Policy	Read
GetBucketTagging	Bucket	Read	✅
GetBucketVersioning	Bucket	Read	✅
GetBucketWebsite	Bucket	Read	✅
GetObject	Object	Read
GetObjectAcl	Object	Read
GetObjectLegalHold	Object	Read
GetObjectLockConfiguration	Object	Read
GetObjectRetention	Object	Read
GetObjectTagging	Object	Read
HeadBucket	Bucket	Read	✅
HeadObject	Object	Read
ListBuckets	Bucket	List	✅
ListMultipartUploads	Object	List
ListObjects	Object	List
ListObjectsV2	Object	List
ListObjectVersions	Object	List
ListParts	Object	List
PostObject	Object	Create
PutBucketAcl	Bucket	Write
PutBucketCors	Bucket	Write
PutBucketLifecycleConfiguration	Bucket	Write
PutBucketPolicy	Policy	Write
PutBucketTagging	Bucket	Write
PutBucketVersioning	Bucket	Write
PutBucketWebsite	Bucket	Write
PutObject	Object	Create
PutObjectAcl	Object	Write
PutObjectLegalHold	Object	Write
PutObjectLockConfiguration	Object	Write
PutObjectRetention	Object	Write
PutObjectTagging	Object	Write
RestoreObject	Object	Write
UploadPart	Object	Write
UploadPartCopy	Object	Write

ObjectStorageBucketsWriteLink to this anchor

Amazon S3 Action	IAM Resource	IAM Action	Authorized
AbortMultipartUpload	Object	Delete
CompleteMultipartUpload	Object	Create
CopyObject	Object	Write
CreateBucket	Bucket	Create	✅
CreateMultipartUpload	Object	Create
DeleteBucket	Bucket	Delete
DeleteBucketCors	Bucket	Write	✅
DeleteBucketLifecycle	Bucket	Write	✅
DeleteBucketPolicy	Policy	Write
DeleteBucketTagging	Bucket	Write	✅
DeleteBucketWebsite	Bucket	Write	✅
DeleteObject	Object	Delete
DeleteObjects	Object	Delete
DeleteObjectTagging	Object	Write
GetBucketAcl	Bucket	Read
GetBucketCors	Bucket	Read
GetBucketLifecycleConfiguration	Bucket	Read
GetBucketLocation	Bucket	Read
GetBucketPolicy	Policy	Read
GetBucketPolicyStatus	Policy	Read
GetBucketTagging	Bucket	Read
GetBucketVersioning	Bucket	Read
GetBucketWebsite	Bucket	Read
GetObject	Object	Read
GetObjectAcl	Object	Read
GetObjectLegalHold	Object	Read
GetObjectLockConfiguration	Object	Read
GetObjectRetention	Object	Read
GetObjectTagging	Object	Read
HeadBucket	Bucket	Read
HeadObject	Object	Read
ListBuckets	Bucket	List
ListMultipartUploads	Object	List
ListObjects	Object	List
ListObjectsV2	Object	List
ListObjectVersions	Object	List
ListParts	Object	List
PostObject	Object	Create
PutBucketAcl	Bucket	Write	✅
PutBucketCors	Bucket	Write	✅
PutBucketLifecycleConfiguration	Bucket	Write	✅
PutBucketPolicy	Policy	Write
PutBucketTagging	Bucket	Write	✅
PutBucketVersioning	Bucket	Write	✅
PutBucketWebsite	Bucket	Write	✅
PutObject	Object	Create
PutObjectAcl	Object	Write
PutObjectLegalHold	Object	Write
PutObjectLockConfiguration	Object	Write
PutObjectRetention	Object	Write
PutObjectTagging	Object	Write
RestoreObject	Object	Write
UploadPart	Object	Write
UploadPartCopy	Object	Write

ObjectStorageBucketsDeleteLink to this anchor

Amazon S3 Action	IAM Resource	IAM Action	Authorized
AbortMultipartUpload	Object	Delete
CompleteMultipartUpload	Object	Create
CopyObject	Object	Write
CreateBucket	Bucket	Create
CreateMultipartUpload	Object	Create
DeleteBucket	Bucket	Delete	✅
DeleteBucketCors	Bucket	Write
DeleteBucketLifecycle	Bucket	Write
DeleteBucketPolicy	Policy	Write
DeleteBucketTagging	Bucket	Write
DeleteBucketWebsite	Bucket	Write
DeleteObject	Object	Delete
DeleteObjects	Object	Delete
DeleteObjectTagging	Object	Write
GetBucketAcl	Bucket	Read
GetBucketCors	Bucket	Read
GetBucketLifecycleConfiguration	Bucket	Read
GetBucketLocation	Bucket	Read
GetBucketPolicy	Policy	Read
GetBucketPolicyStatus	Policy	Read
GetBucketTagging	Bucket	Read
GetBucketVersioning	Bucket	Read
GetBucketWebsite	Bucket	Read
GetObject	Object	Read
GetObjectAcl	Object	Read
GetObjectLegalHold	Object	Read
GetObjectLockConfiguration	Object	Read
GetObjectRetention	Object	Read
GetObjectTagging	Object	Read
HeadBucket	Bucket	Read
HeadObject	Object	Read
ListBuckets	Bucket	List
ListMultipartUploads	Object	List
ListObjects	Object	List
ListObjectsV2	Object	List
ListObjectVersions	Object	List
ListParts	Object	List
PostObject	Object	Create
PutBucketAcl	Bucket	Write
PutBucketCors	Bucket	Write
PutBucketLifecycleConfiguration	Bucket	Write
PutBucketPolicy	Policy	Write
PutBucketTagging	Bucket	Write
PutBucketVersioning	Bucket	Write
PutBucketWebsite	Bucket	Write
PutObject	Object	Create
PutObjectAcl	Object	Write
PutObjectLegalHold	Object	Write
PutObjectLockConfiguration	Object	Write
PutObjectRetention	Object	Write
PutObjectTagging	Object	Write
RestoreObject	Object	Write
UploadPart	Object	Write
UploadPartCopy	Object	Write

ObjectStorageObjectsReadLink to this anchor

Amazon S3 Action	IAM Resource	IAM Action	Authorized
AbortMultipartUpload	Object	Delete
CompleteMultipartUpload	Object	Create
CopyObject	Object	Write
CreateBucket	Bucket	Create
CreateMultipartUpload	Object	Create
DeleteBucket	Bucket	Delete
DeleteBucketCors	Bucket	Write
DeleteBucketLifecycle	Bucket	Write
DeleteBucketPolicy	Policy	Write
DeleteBucketTagging	Bucket	Write
DeleteBucketWebsite	Bucket	Write
DeleteObject	Object	Delete
DeleteObjects	Object	Delete
DeleteObjectTagging	Object	Write
GetBucketAcl	Bucket	Read
GetBucketCors	Bucket	Read
GetBucketLifecycleConfiguration	Bucket	Read
GetBucketLocation	Bucket	Read
GetBucketPolicy	Policy	Read
GetBucketPolicyStatus	Policy	Read
GetBucketTagging	Bucket	Read
GetBucketVersioning	Bucket	Read
GetBucketWebsite	Bucket	Read
GetObject	Object	Read	✅
GetObjectAcl	Object	Read	✅
GetObjectLegalHold	Object	Read	✅
GetObjectLockConfiguration	Object	Read	✅
GetObjectRetention	Object	Read	✅
GetObjectTagging	Object	Read	✅
HeadBucket	Bucket	Read
HeadObject	Object	Read	✅
ListBuckets	Bucket	List
ListMultipartUploads	Object	List	✅
ListObjects	Object	List	✅
ListObjectsV2	Object	List	✅
ListObjectVersions	Object	List	✅
ListParts	Object	List	✅
PostObject	Object	Create
PutBucketAcl	Bucket	Write
PutBucketCors	Bucket	Write
PutBucketLifecycleConfiguration	Bucket	Write
PutBucketPolicy	Policy	Write
PutBucketTagging	Bucket	Write
PutBucketVersioning	Bucket	Write
PutBucketWebsite	Bucket	Write
PutObject	Object	Create
PutObjectAcl	Object	Write
PutObjectLegalHold	Object	Write
PutObjectLockConfiguration	Object	Write
PutObjectRetention	Object	Write
PutObjectTagging	Object	Write
RestoreObject	Object	Write
UploadPart	Object	Write
UploadPartCopy	Object	Write

ObjectStorageObjectsWriteLink to this anchor

Amazon S3 Action	IAM Resource	IAM Action	Authorized
AbortMultipartUpload	Object	Delete
CompleteMultipartUpload	Object	Create	✅
CopyObject	Object	Write	✅
CreateBucket	Bucket	Create
CreateMultipartUpload	Object	Create	✅
DeleteBucket	Bucket	Delete
DeleteBucketCors	Bucket	Write
DeleteBucketLifecycle	Bucket	Write
DeleteBucketPolicy	Policy	Write
DeleteBucketTagging	Bucket	Write
DeleteBucketWebsite	Bucket	Write
DeleteObject	Object	Delete
DeleteObjects	Object	Delete
DeleteObjectTagging	Object	Write	✅
GetBucketAcl	Bucket	Read
GetBucketCors	Bucket	Read
GetBucketLifecycleConfiguration	Bucket	Read
GetBucketLocation	Bucket	Read
GetBucketPolicy	Policy	Read
GetBucketPolicyStatus	Policy	Read
GetBucketTagging	Bucket	Read
GetBucketVersioning	Bucket	Read
GetBucketWebsite	Bucket	Read
GetObject	Object	Read
GetObjectAcl	Object	Read
GetObjectLegalHold	Object	Read
GetObjectLockConfiguration	Object	Read
GetObjectRetention	Object	Read
GetObjectTagging	Object	Read
HeadBucket	Bucket	Read
HeadObject	Object	Read
ListBuckets	Bucket	List
ListMultipartUploads	Object	List
ListObjects	Object	List
ListObjectsV2	Object	List
ListObjectVersions	Object	List
ListParts	Object	List
PostObject	Object	Create	✅
PutBucketAcl	Bucket	Write
PutBucketCors	Bucket	Write
PutBucketLifecycleConfiguration	Bucket	Write
PutBucketPolicy	Policy	Write
PutBucketTagging	Bucket	Write
PutBucketVersioning	Bucket	Write
PutBucketWebsite	Bucket	Write
PutObject	Object	Create	✅
PutObjectAcl	Object	Write	✅
PutObjectLegalHold	Object	Write	✅
PutObjectLockConfiguration	Object	Write	✅
PutObjectRetention	Object	Write	✅
PutObjectTagging	Object	Write	✅
RestoreObject	Object	Write	✅
UploadPart	Object	Write	✅
UploadPartCopy	Object	Write	✅

ObjectStorageObjectsDeleteLink to this anchor

Amazon S3 Action	IAM Resource	IAM Action	Authorized
AbortMultipartUpload	Object	Delete	✅
CompleteMultipartUpload	Object	Create
CopyObject	Object	Write
CreateBucket	Bucket	Create
CreateMultipartUpload	Object	Create
DeleteBucket	Bucket	Delete
DeleteBucketCors	Bucket	Write
DeleteBucketLifecycle	Bucket	Write
DeleteBucketPolicy	Policy	Write
DeleteBucketTagging	Bucket	Write
DeleteBucketWebsite	Bucket	Write
DeleteObject	Object	Delete	✅
DeleteObjects	Object	Delete	✅
DeleteObjectTagging	Object	Write
GetBucketAcl	Bucket	Read
GetBucketCors	Bucket	Read
GetBucketLifecycleConfiguration	Bucket	Read
GetBucketLocation	Bucket	Read
GetBucketPolicy	Policy	Read
GetBucketPolicyStatus	Policy	Read
GetBucketTagging	Bucket	Read
GetBucketVersioning	Bucket	Read
GetBucketWebsite	Bucket	Read
GetObject	Object	Read
GetObjectAcl	Object	Read
GetObjectLegalHold	Object	Read
GetObjectLockConfiguration	Object	Read
GetObjectRetention	Object	Read
GetObjectTagging	Object	Read
HeadBucket	Bucket	Read
HeadObject	Object	Read
ListBuckets	Bucket	List
ListMultipartUploads	Object	List
ListObjects	Object	List
ListObjectsV2	Object	List
ListObjectVersions	Object	List
ListParts	Object	List
PostObject	Object	Create
PutBucketAcl	Bucket	Write
PutBucketCors	Bucket	Write
PutBucketLifecycleConfiguration	Bucket	Write
PutBucketPolicy	Policy	Write
PutBucketTagging	Bucket	Write
PutBucketVersioning	Bucket	Write
PutBucketWebsite	Bucket	Write
PutObject	Object	Create
PutObjectAcl	Object	Write
PutObjectLegalHold	Object	Write
PutObjectLockConfiguration	Object	Write
PutObjectRetention	Object	Write
PutObjectTagging	Object	Write
RestoreObject	Object	Write
UploadPart	Object	Write
UploadPartCopy	Object	Write

Was this page helpful?