Amazon S3 and IAM permissions equivalence
ObjectStorageFullAccessLink to this anchor
| Amazon S3 action | IAM resource | IAM action | Authorized |
|---|---|---|---|
| DeleteBucketPolicy | Policy | Write | Yes |
| GetBucketPolicy | Policy | Read | Yes |
| GetBucketPolicyStatus | Policy | Read | Yes |
| PutBucketPolicy | Policy | Write | Yes |
| CreateBucket | Bucket | Create | Yes |
| DeleteBucket | Bucket | Delete | Yes |
| DeleteBucketCors | Bucket | Write | Yes |
| DeleteBucketLifecycle | Bucket | Write | Yes |
| DeleteBucketTagging | Bucket | Write | Yes |
| DeleteBucketWebsite | Bucket | Write | Yes |
| GetBucketAcl | Bucket | Read | Yes |
| GetBucketCors | Bucket | Read | Yes |
| GetBucketLifecycleConfiguration | Bucket | Read | Yes |
| GetBucketLocation | Bucket | Read | Yes |
| GetBucketTagging | Bucket | Read | Yes |
| GetBucketVersioning | Bucket | Read | Yes |
| GetBucketWebsite | Bucket | Read | Yes |
| HeadBucket | Bucket | Read | Yes |
| ListBuckets | Bucket | List | Yes |
| PutBucketAcl | Bucket | Write | Yes |
| PutBucketCors | Bucket | Write | Yes |
| PutBucketLifecycleConfiguration | Bucket | Write | Yes |
| PutBucketTagging | Bucket | Write | Yes |
| PutBucketVersioning | Bucket | Write | Yes |
| PutBucketWebsite | Bucket | Write | Yes |
| AbortMultipartUpload | Object | Delete | Yes |
| CompleteMultipartUpload | Object | Create | Yes |
| CopyObject | Object | Write | Yes |
| CreateMultipartUpload | Object | Create | Yes |
| DeleteObject | Object | Delete | Yes |
| DeleteObjects | Object | Delete | Yes |
| DeleteObjectTagging | Object | Write | Yes |
| GetObject | Object | Read | Yes |
| GetObjectAcl | Object | Read | Yes |
| GetObjectLegalHold | Object | Read | Yes |
| GetObjectLockConfiguration | Object | Read | Yes |
| GetObjectRetention | Object | Read | Yes |
| GetObjectTagging | Object | Read | Yes |
| HeadObject | Object | Read | Yes |
| ListMultipartUploads | Object | List | Yes |
| ListObjects | Object | List | Yes |
| ListObjectsV2 | Object | List | Yes |
| ListObjectVersions | Object | List | Yes |
| ListParts | Object | List | Yes |
| PutObject | Object | Create | Yes |
| PutObjectAcl | Object | Write | Yes |
| PutObjectLegalHold | Object | Write | Yes |
| PutObjectLockConfiguration | Object | Write | Yes |
| PutObjectRetention | Object | Write | Yes |
| PutObjectTagging | Object | Write | Yes |
| RestoreObject | Object | Write | Yes |
| UploadPart | Object | Write | Yes |
| UploadPartCopy | Object | Write | Yes |
| PostObject | Object | Create | Yes |
ObjectStorageReadOnlyLink to this anchor
| Amazon S3 Action | IAM Resource | IAM Action | Authorized |
|---|---|---|---|
| AbortMultipartUpload | Object | Delete | No |
| CompleteMultipartUpload | Object | Create | No |
| CopyObject | Object | Write | No |
| CreateBucket | Bucket | Create | No |
| CreateMultipartUpload | Object | Create | No |
| DeleteBucket | Bucket | Delete | No |
| DeleteBucketCors | Bucket | Write | No |
| DeleteBucketLifecycle | Bucket | Write | No |
| DeleteBucketPolicy | Policy | Write | No |
| DeleteBucketTagging | Bucket | Write | No |
| DeleteBucketWebsite | Bucket | Write | No |
| DeleteObject | Object | Delete | No |
| DeleteObjects | Object | Delete | No |
| DeleteObjectTagging | Object | Write | No |
| GetBucketAcl | Bucket | Read | Yes |
| GetBucketCors | Bucket | Read | Yes |
| GetBucketLifecycleConfiguration | Bucket | Read | Yes |
| GetBucketLocation | Bucket | Read | Yes |
| GetBucketPolicy | Policy | Read | Yes |
| GetBucketPolicyStatus | Policy | Read | Yes |
| GetBucketTagging | Bucket | Read | Yes |
| GetBucketVersioning | Bucket | Read | Yes |
| GetBucketWebsite | Bucket | Read | Yes |
| GetObject | Object | Read | Yes |
| GetObjectAcl | Object | Read | Yes |
| GetObjectLegalHold | Object | Read | Yes |
| GetObjectLockConfiguration | Object | Read | Yes |
| GetObjectRetention | Object | Read | Yes |
| GetObjectTagging | Object | Read | Yes |
| HeadBucket | Bucket | Read | Yes |
| HeadObject | Object | Read | Yes |
| ListBuckets | Bucket | List | Yes |
| ListMultipartUploads | Object | List | Yes |
| ListObjects | Object | List | Yes |
| ListObjectsV2 | Object | List | Yes |
| ListObjectVersions | Object | List | Yes |
| ListParts | Object | List | Yes |
| PostObject | Object | Create | No |
| PutBucketAcl | Bucket | Write | No |
| PutBucketCors | Bucket | Write | No |
| PutBucketLifecycleConfiguration | Bucket | Write | No |
| PutBucketPolicy | Policy | Write | No |
| PutBucketTagging | Bucket | Write | No |
| PutBucketVersioning | Bucket | Write | No |
| PutBucketWebsite | Bucket | Write | No |
| PutObject | Object | Create | No |
| PutObjectAcl | Object | Write | No |
| PutObjectLegalHold | Object | Write | No |
| PutObjectLockConfiguration | Object | Write | No |
| PutObjectRetention | Object | Write | No |
| PutObjectTagging | Object | Write | No |
| RestoreObject | Object | Write | No |
| UploadPart | Object | Write | No |
| UploadPartCopy | Object | Write | No |
ObjectStorageBucketsReadLink to this anchor
| Amazon S3 Action | IAM Resource | IAM Action | Authorized |
|---|---|---|---|
| AbortMultipartUpload | Object | Delete | No |
| CompleteMultipartUpload | Object | Create | No |
| CopyObject | Object | Write | No |
| CreateBucket | Bucket | Create | No |
| CreateMultipartUpload | Object | Create | No |
| DeleteBucket | Bucket | Delete | No |
| DeleteBucketCors | Bucket | Write | No |
| DeleteBucketLifecycle | Bucket | Write | No |
| DeleteBucketPolicy | Policy | Write | No |
| DeleteBucketTagging | Bucket | Write | No |
| DeleteBucketWebsite | Bucket | Write | No |
| DeleteObject | Object | Delete | No |
| DeleteObjects | Object | Delete | No |
| DeleteObjectTagging | Object | Write | No |
| GetBucketAcl | Bucket | Read | Yes |
| GetBucketCors | Bucket | Read | Yes |
| GetBucketLifecycleConfiguration | Bucket | Read | Yes |
| GetBucketLocation | Bucket | Read | Yes |
| GetBucketPolicy | Policy | Read | No |
| GetBucketPolicyStatus | Policy | Read | No |
| GetBucketTagging | Bucket | Read | Yes |
| GetBucketVersioning | Bucket | Read | Yes |
| GetBucketWebsite | Bucket | Read | Yes |
| GetObject | Object | Read | No |
| GetObjectAcl | Object | Read | No |
| GetObjectLegalHold | Object | Read | No |
| GetObjectLockConfiguration | Object | Read | No |
| GetObjectRetention | Object | Read | No |
| GetObjectTagging | Object | Read | No |
| HeadBucket | Bucket | Read | Yes |
| HeadObject | Object | Read | No |
| ListBuckets | Bucket | List | Yes |
| ListMultipartUploads | Object | List | No |
| ListObjects | Object | List | No |
| ListObjectsV2 | Object | List | No |
| ListObjectVersions | Object | List | No |
| ListParts | Object | List | No |
| PostObject | Object | Create | No |
| PutBucketAcl | Bucket | Write | No |
| PutBucketCors | Bucket | Write | No |
| PutBucketLifecycleConfiguration | Bucket | Write | No |
| PutBucketPolicy | Policy | Write | No |
| PutBucketTagging | Bucket | Write | No |
| PutBucketVersioning | Bucket | Write | No |
| PutBucketWebsite | Bucket | Write | No |
| PutObject | Object | Create | No |
| PutObjectAcl | Object | Write | No |
| PutObjectLegalHold | Object | Write | No |
| PutObjectLockConfiguration | Object | Write | No |
| PutObjectRetention | Object | Write | No |
| PutObjectTagging | Object | Write | No |
| RestoreObject | Object | Write | No |
| UploadPart | Object | Write | No |
| UploadPartCopy | Object | Write | No |
ObjectStorageBucketsWriteLink to this anchor
| Amazon S3 Action | IAM Resource | IAM Action | Authorized |
|---|---|---|---|
| AbortMultipartUpload | Object | Delete | No |
| CompleteMultipartUpload | Object | Create | No |
| CopyObject | Object | Write | No |
| CreateBucket | Bucket | Create | Yes |
| CreateMultipartUpload | Object | Create | No |
| DeleteBucket | Bucket | Delete | No |
| DeleteBucketCors | Bucket | Write | Yes |
| DeleteBucketLifecycle | Bucket | Write | Yes |
| DeleteBucketPolicy | Policy | Write | No |
| DeleteBucketTagging | Bucket | Write | Yes |
| DeleteBucketWebsite | Bucket | Write | Yes |
| DeleteObject | Object | Delete | No |
| DeleteObjects | Object | Delete | No |
| DeleteObjectTagging | Object | Write | No |
| GetBucketAcl | Bucket | Read | No |
| GetBucketCors | Bucket | Read | No |
| GetBucketLifecycleConfiguration | Bucket | Read | No |
| GetBucketLocation | Bucket | Read | No |
| GetBucketPolicy | Policy | Read | No |
| GetBucketPolicyStatus | Policy | Read | No |
| GetBucketTagging | Bucket | Read | No |
| GetBucketVersioning | Bucket | Read | No |
| GetBucketWebsite | Bucket | Read | No |
| GetObject | Object | Read | No |
| GetObjectAcl | Object | Read | No |
| GetObjectLegalHold | Object | Read | No |
| GetObjectLockConfiguration | Object | Read | No |
| GetObjectRetention | Object | Read | No |
| GetObjectTagging | Object | Read | No |
| HeadBucket | Bucket | Read | No |
| HeadObject | Object | Read | No |
| ListBuckets | Bucket | List | No |
| ListMultipartUploads | Object | List | No |
| ListObjects | Object | List | No |
| ListObjectsV2 | Object | List | No |
| ListObjectVersions | Object | List | No |
| ListParts | Object | List | No |
| PostObject | Object | Create | No |
| PutBucketAcl | Bucket | Write | Yes |
| PutBucketCors | Bucket | Write | Yes |
| PutBucketLifecycleConfiguration | Bucket | Write | Yes |
| PutBucketPolicy | Policy | Write | No |
| PutBucketTagging | Bucket | Write | Yes |
| PutBucketVersioning | Bucket | Write | Yes |
| PutBucketWebsite | Bucket | Write | Yes |
| PutObject | Object | Create | No |
| PutObjectAcl | Object | Write | No |
| PutObjectLegalHold | Object | Write | No |
| PutObjectLockConfiguration | Object | Write | No |
| PutObjectRetention | Object | Write | No |
| PutObjectTagging | Object | Write | No |
| RestoreObject | Object | Write | No |
| UploadPart | Object | Write | No |
| UploadPartCopy | Object | Write | No |
ObjectStorageBucketsDeleteLink to this anchor
| Amazon S3 Action | IAM Resource | IAM Action | Authorized |
|---|---|---|---|
| AbortMultipartUpload | Object | Delete | No |
| CompleteMultipartUpload | Object | Create | No |
| CopyObject | Object | Write | No |
| CreateBucket | Bucket | Create | No |
| CreateMultipartUpload | Object | Create | No |
| DeleteBucket | Bucket | Delete | Yes |
| DeleteBucketCors | Bucket | Write | No |
| DeleteBucketLifecycle | Bucket | Write | No |
| DeleteBucketPolicy | Policy | Write | No |
| DeleteBucketTagging | Bucket | Write | No |
| DeleteBucketWebsite | Bucket | Write | No |
| DeleteObject | Object | Delete | No |
| DeleteObjects | Object | Delete | No |
| DeleteObjectTagging | Object | Write | No |
| GetBucketAcl | Bucket | Read | No |
| GetBucketCors | Bucket | Read | No |
| GetBucketLifecycleConfiguration | Bucket | Read | No |
| GetBucketLocation | Bucket | Read | No |
| GetBucketPolicy | Policy | Read | No |
| GetBucketPolicyStatus | Policy | Read | No |
| GetBucketTagging | Bucket | Read | No |
| GetBucketVersioning | Bucket | Read | No |
| GetBucketWebsite | Bucket | Read | No |
| GetObject | Object | Read | No |
| GetObjectAcl | Object | Read | No |
| GetObjectLegalHold | Object | Read | No |
| GetObjectLockConfiguration | Object | Read | No |
| GetObjectRetention | Object | Read | No |
| GetObjectTagging | Object | Read | No |
| HeadBucket | Bucket | Read | No |
| HeadObject | Object | Read | No |
| ListBuckets | Bucket | List | No |
| ListMultipartUploads | Object | List | No |
| ListObjects | Object | List | No |
| ListObjectsV2 | Object | List | No |
| ListObjectVersions | Object | List | No |
| ListParts | Object | List | No |
| PostObject | Object | Create | No |
| PutBucketAcl | Bucket | Write | No |
| PutBucketCors | Bucket | Write | No |
| PutBucketLifecycleConfiguration | Bucket | Write | No |
| PutBucketPolicy | Policy | Write | No |
| PutBucketTagging | Bucket | Write | No |
| PutBucketVersioning | Bucket | Write | No |
| PutBucketWebsite | Bucket | Write | No |
| PutObject | Object | Create | No |
| PutObjectAcl | Object | Write | No |
| PutObjectLegalHold | Object | Write | No |
| PutObjectLockConfiguration | Object | Write | No |
| PutObjectRetention | Object | Write | No |
| PutObjectTagging | Object | Write | No |
| RestoreObject | Object | Write | No |
| UploadPart | Object | Write | No |
| UploadPartCopy | Object | Write | No |
ObjectStorageObjectsReadLink to this anchor
| Amazon S3 Action | IAM Resource | IAM Action | Authorized |
|---|---|---|---|
| AbortMultipartUpload | Object | Delete | No |
| CompleteMultipartUpload | Object | Create | No |
| CopyObject | Object | Write | No |
| CreateBucket | Bucket | Create | No |
| CreateMultipartUpload | Object | Create | No |
| DeleteBucket | Bucket | Delete | No |
| DeleteBucketCors | Bucket | Write | No |
| DeleteBucketLifecycle | Bucket | Write | No |
| DeleteBucketPolicy | Policy | Write | No |
| DeleteBucketTagging | Bucket | Write | No |
| DeleteBucketWebsite | Bucket | Write | No |
| DeleteObject | Object | Delete | No |
| DeleteObjects | Object | Delete | No |
| DeleteObjectTagging | Object | Write | No |
| GetBucketAcl | Bucket | Read | No |
| GetBucketCors | Bucket | Read | No |
| GetBucketLifecycleConfiguration | Bucket | Read | No |
| GetBucketLocation | Bucket | Read | No |
| GetBucketPolicy | Policy | Read | No |
| GetBucketPolicyStatus | Policy | Read | No |
| GetBucketTagging | Bucket | Read | No |
| GetBucketVersioning | Bucket | Read | No |
| GetBucketWebsite | Bucket | Read | No |
| GetObject | Object | Read | Yes |
| GetObjectAcl | Object | Read | Yes |
| GetObjectLegalHold | Object | Read | Yes |
| GetObjectLockConfiguration | Object | Read | Yes |
| GetObjectRetention | Object | Read | Yes |
| GetObjectTagging | Object | Read | Yes |
| HeadBucket | Bucket | Read | No |
| HeadObject | Object | Read | Yes |
| ListBuckets | Bucket | List | No |
| ListMultipartUploads | Object | List | Yes |
| ListObjects | Object | List | Yes |
| ListObjectsV2 | Object | List | Yes |
| ListObjectVersions | Object | List | Yes |
| ListParts | Object | List | Yes |
| PostObject | Object | Create | No |
| PutBucketAcl | Bucket | Write | No |
| PutBucketCors | Bucket | Write | No |
| PutBucketLifecycleConfiguration | Bucket | Write | No |
| PutBucketPolicy | Policy | Write | No |
| PutBucketTagging | Bucket | Write | No |
| PutBucketVersioning | Bucket | Write | No |
| PutBucketWebsite | Bucket | Write | No |
| PutObject | Object | Create | No |
| PutObjectAcl | Object | Write | No |
| PutObjectLegalHold | Object | Write | No |
| PutObjectLockConfiguration | Object | Write | No |
| PutObjectRetention | Object | Write | No |
| PutObjectTagging | Object | Write | No |
| RestoreObject | Object | Write | No |
| UploadPart | Object | Write | No |
| UploadPartCopy | Object | Write | No |
ObjectStorageObjectsWriteLink to this anchor
| Amazon S3 action | IAM resource | IAM action | Authorized |
|---|---|---|---|
| AbortMultipartUpload | Object | Delete | No |
| CompleteMultipartUpload | Object | Create | Yes |
| CopyObject | Object | Write | Yes |
| CreateBucket | Bucket | Create | No |
| CreateMultipartUpload | Object | Create | Yes |
| DeleteBucket | Bucket | Delete | No |
| DeleteBucketCors | Bucket | Write | No |
| DeleteBucketLifecycle | Bucket | Write | No |
| DeleteBucketPolicy | Policy | Write | No |
| DeleteBucketTagging | Bucket | Write | No |
| DeleteBucketWebsite | Bucket | Write | No |
| DeleteObject | Object | Delete | No |
| DeleteObjects | Object | Delete | No |
| DeleteObjectTagging | Object | Write | Yes |
| GetBucketAcl | Bucket | Read | No |
| GetBucketCors | Bucket | Read | No |
| GetBucketLifecycleConfiguration | Bucket | Read | No |
| GetBucketLocation | Bucket | Read | No |
| GetBucketPolicy | Policy | Read | No |
| GetBucketPolicyStatus | Policy | Read | No |
| GetBucketTagging | Bucket | Read | No |
| GetBucketVersioning | Bucket | Read | No |
| GetBucketWebsite | Bucket | Read | No |
| GetObject | Object | Read | No |
| GetObjectAcl | Object | Read | No |
| GetObjectLegalHold | Object | Read | No |
| GetObjectLockConfiguration | Object | Read | No |
| GetObjectRetention | Object | Read | No |
| GetObjectTagging | Object | Read | No |
| HeadBucket | Bucket | Read | No |
| HeadObject | Object | Read | No |
| ListBuckets | Bucket | List | No |
| ListMultipartUploads | Object | List | No |
| ListObjects | Object | List | No |
| ListObjectsV2 | Object | List | No |
| ListObjectVersions | Object | List | No |
| ListParts | Object | List | No |
| PostObject | Object | Create | Yes |
| PutBucketAcl | Bucket | Write | No |
| PutBucketCors | Bucket | Write | No |
| PutBucketLifecycleConfiguration | Bucket | Write | No |
| PutBucketPolicy | Policy | Write | No |
| PutBucketTagging | Bucket | Write | No |
| PutBucketVersioning | Bucket | Write | No |
| PutBucketWebsite | Bucket | Write | No |
| PutObject | Object | Create | Yes |
| PutObjectAcl | Object | Write | Yes |
| PutObjectLegalHold | Object | Write | Yes |
| PutObjectLockConfiguration | Object | Write | Yes |
| PutObjectRetention | Object | Write | Yes |
| PutObjectTagging | Object | Write | Yes |
| RestoreObject | Object | Write | Yes |
| UploadPart | Object | Write | Yes |
| UploadPartCopy | Object | Write | Yes |
ObjectStorageObjectsDeleteLink to this anchor
| Amazon S3 Action | IAM Resource | IAM Action | Authorized |
|---|---|---|---|
| AbortMultipartUpload | Object | Delete | Yes |
| CompleteMultipartUpload | Object | Create | No |
| CopyObject | Object | Write | No |
| CreateBucket | Bucket | Create | No |
| CreateMultipartUpload | Object | Create | No |
| DeleteBucket | Bucket | Delete | No |
| DeleteBucketCors | Bucket | Write | No |
| DeleteBucketLifecycle | Bucket | Write | No |
| DeleteBucketPolicy | Policy | Write | No |
| DeleteBucketTagging | Bucket | Write | No |
| DeleteBucketWebsite | Bucket | Write | No |
| DeleteObject | Object | Delete | Yes |
| DeleteObjects | Object | Delete | Yes |
| DeleteObjectTagging | Object | Write | No |
| GetBucketAcl | Bucket | Read | No |
| GetBucketCors | Bucket | Read | No |
| GetBucketLifecycleConfiguration | Bucket | Read | No |
| GetBucketLocation | Bucket | Read | No |
| GetBucketPolicy | Policy | Read | No |
| GetBucketPolicyStatus | Policy | Read | No |
| GetBucketTagging | Bucket | Read | No |
| GetBucketVersioning | Bucket | Read | No |
| GetBucketWebsite | Bucket | Read | No |
| GetObject | Object | Read | No |
| GetObjectAcl | Object | Read | No |
| GetObjectLegalHold | Object | Read | No |
| GetObjectLockConfiguration | Object | Read | No |
| GetObjectRetention | Object | Read | No |
| GetObjectTagging | Object | Read | No |
| HeadBucket | Bucket | Read | No |
| HeadObject | Object | Read | No |
| ListBuckets | Bucket | List | No |
| ListMultipartUploads | Object | List | No |
| ListObjects | Object | List | No |
| ListObjectsV2 | Object | List | No |
| ListObjectVersions | Object | List | No |
| ListParts | Object | List | No |
| PostObject | Object | Create | No |
| PutBucketAcl | Bucket | Write | No |
| PutBucketCors | Bucket | Write | No |
| PutBucketLifecycleConfiguration | Bucket | Write | No |
| PutBucketPolicy | Policy | Write | No |
| PutBucketTagging | Bucket | Write | No |
| PutBucketVersioning | Bucket | Write | No |
| PutBucketWebsite | Bucket | Write | No |
| PutObject | Object | Create | No |
| PutObjectAcl | Object | Write | No |
| PutObjectLegalHold | Object | Write | No |
| PutObjectLockConfiguration | Object | Write | No |
| PutObjectRetention | Object | Write | No |
| PutObjectTagging | Object | Write | No |
| RestoreObject | Object | Write | No |
| UploadPart | Object | Write | No |
| UploadPartCopy | Object | Write | No |
Was this page helpful?