Amazon S3 and IAM permissions equivalence
ObjectStorageFullAccess
| Amazon S3 Action | IAM Resource | IAM Action | Authorized |
|---|---|---|---|
| DeleteBucketPolicy | Policy | Write | ✅ |
| GetBucketPolicy | Policy | Read | ✅ |
| GetBucketPolicyStatus | Policy | Read | ✅ |
| PutBucketPolicy | Policy | Write | ✅ |
| CreateBucket | Bucket | Create | ✅ |
| DeleteBucket | Bucket | Delete | ✅ |
| DeleteBucketCors | Bucket | Write | ✅ |
| DeleteBucketLifecycle | Bucket | Write | ✅ |
| DeleteBucketTagging | Bucket | Write | ✅ |
| DeleteBucketWebsite | Bucket | Write | ✅ |
| GetBucketAcl | Bucket | Read | ✅ |
| GetBucketCors | Bucket | Read | ✅ |
| GetBucketLifecycleConfiguration | Bucket | Read | ✅ |
| GetBucketLocation | Bucket | Read | ✅ |
| GetBucketTagging | Bucket | Read | ✅ |
| GetBucketVersioning | Bucket | Read | ✅ |
| GetBucketWebsite | Bucket | Read | ✅ |
| HeadBucket | Bucket | Read | ✅ |
| ListBuckets | Bucket | List | ✅ |
| PutBucketAcl | Bucket | Write | ✅ |
| PutBucketCors | Bucket | Write | ✅ |
| PutBucketLifecycleConfiguration | Bucket | Write | ✅ |
| PutBucketTagging | Bucket | Write | ✅ |
| PutBucketVersioning | Bucket | Write | ✅ |
| PutBucketWebsite | Bucket | Write | ✅ |
| AbortMultipartUpload | Object | Delete | ✅ |
| CompleteMultipartUpload | Object | Create | ✅ |
| CopyObject | Object | Write | ✅ |
| CreateMultipartUpload | Object | Create | ✅ |
| DeleteObject | Object | Delete | ✅ |
| DeleteObjects | Object | Delete | ✅ |
| DeleteObjectTagging | Object | Write | ✅ |
| GetObject | Object | Read | ✅ |
| GetObjectAcl | Object | Read | ✅ |
| GetObjectLegalHold | Object | Read | ✅ |
| GetObjectLockConfiguration | Object | Read | ✅ |
| GetObjectRetention | Object | Read | ✅ |
| GetObjectTagging | Object | Read | ✅ |
| HeadObject | Object | Read | ✅ |
| ListMultipartUploads | Object | List | ✅ |
| ListObjects | Object | List | ✅ |
| ListObjectsV2 | Object | List | ✅ |
| ListObjectVersions | Object | List | ✅ |
| ListParts | Object | List | ✅ |
| PutObject | Object | Create | ✅ |
| PutObjectAcl | Object | Write | ✅ |
| PutObjectLegalHold | Object | Write | ✅ |
| PutObjectLockConfiguration | Object | Write | ✅ |
| PutObjectRetention | Object | Write | ✅ |
| PutObjectTagging | Object | Write | ✅ |
| RestoreObject | Object | Write | ✅ |
| UploadPart | Object | Write | ✅ |
| UploadPartCopy | Object | Write | ✅ |
| PostObject | Object | Create | ✅ |
ObjectStorageReadOnly
| Amazon S3 Action | IAM Resource | IAM Action | Authorized |
|---|---|---|---|
| AbortMultipartUpload | Object | Delete | |
| CompleteMultipartUpload | Object | Create | |
| CopyObject | Object | Write | |
| CreateBucket | Bucket | Create | |
| CreateMultipartUpload | Object | Create | |
| DeleteBucket | Bucket | Delete | |
| DeleteBucketCors | Bucket | Write | |
| DeleteBucketLifecycle | Bucket | Write | |
| DeleteBucketPolicy | Policy | Write | |
| DeleteBucketTagging | Bucket | Write | |
| DeleteBucketWebsite | Bucket | Write | |
| DeleteObject | Object | Delete | |
| DeleteObjects | Object | Delete | |
| DeleteObjectTagging | Object | Write | |
| GetBucketAcl | Bucket | Read | ✅ |
| GetBucketCors | Bucket | Read | ✅ |
| GetBucketLifecycleConfiguration | Bucket | Read | ✅ |
| GetBucketLocation | Bucket | Read | ✅ |
| GetBucketPolicy | Policy | Read | ✅ |
| GetBucketPolicyStatus | Policy | Read | ✅ |
| GetBucketTagging | Bucket | Read | ✅ |
| GetBucketVersioning | Bucket | Read | ✅ |
| GetBucketWebsite | Bucket | Read | ✅ |
| GetObject | Object | Read | ✅ |
| GetObjectAcl | Object | Read | ✅ |
| GetObjectLegalHold | Object | Read | ✅ |
| GetObjectLockConfiguration | Object | Read | ✅ |
| GetObjectRetention | Object | Read | ✅ |
| GetObjectTagging | Object | Read | ✅ |
| HeadBucket | Bucket | Read | ✅ |
| HeadObject | Object | Read | ✅ |
| ListBuckets | Bucket | List | ✅ |
| ListMultipartUploads | Object | List | ✅ |
| ListObjects | Object | List | ✅ |
| ListObjectsV2 | Object | List | ✅ |
| ListObjectVersions | Object | List | ✅ |
| ListParts | Object | List | ✅ |
| PostObject | Object | Create | |
| PutBucketAcl | Bucket | Write | |
| PutBucketCors | Bucket | Write | |
| PutBucketLifecycleConfiguration | Bucket | Write | |
| PutBucketPolicy | Policy | Write | |
| PutBucketTagging | Bucket | Write | |
| PutBucketVersioning | Bucket | Write | |
| PutBucketWebsite | Bucket | Write | |
| PutObject | Object | Create | |
| PutObjectAcl | Object | Write | |
| PutObjectLegalHold | Object | Write | |
| PutObjectLockConfiguration | Object | Write | |
| PutObjectRetention | Object | Write | |
| PutObjectTagging | Object | Write | |
| RestoreObject | Object | Write | |
| UploadPart | Object | Write | |
| UploadPartCopy | Object | Write |
ObjectStorageBucketsRead
| Amazon S3 Action | IAM Resource | IAM Action | Authorized |
|---|---|---|---|
| AbortMultipartUpload | Object | Delete | |
| CompleteMultipartUpload | Object | Create | |
| CopyObject | Object | Write | |
| CreateBucket | Bucket | Create | |
| CreateMultipartUpload | Object | Create | |
| DeleteBucket | Bucket | Delete | |
| DeleteBucketCors | Bucket | Write | |
| DeleteBucketLifecycle | Bucket | Write | |
| DeleteBucketPolicy | Policy | Write | |
| DeleteBucketTagging | Bucket | Write | |
| DeleteBucketWebsite | Bucket | Write | |
| DeleteObject | Object | Delete | |
| DeleteObjects | Object | Delete | |
| DeleteObjectTagging | Object | Write | |
| GetBucketAcl | Bucket | Read | ✅ |
| GetBucketCors | Bucket | Read | ✅ |
| GetBucketLifecycleConfiguration | Bucket | Read | ✅ |
| GetBucketLocation | Bucket | Read | ✅ |
| GetBucketPolicy | Policy | Read | |
| GetBucketPolicyStatus | Policy | Read | |
| GetBucketTagging | Bucket | Read | ✅ |
| GetBucketVersioning | Bucket | Read | ✅ |
| GetBucketWebsite | Bucket | Read | ✅ |
| GetObject | Object | Read | |
| GetObjectAcl | Object | Read | |
| GetObjectLegalHold | Object | Read | |
| GetObjectLockConfiguration | Object | Read | |
| GetObjectRetention | Object | Read | |
| GetObjectTagging | Object | Read | |
| HeadBucket | Bucket | Read | ✅ |
| HeadObject | Object | Read | |
| ListBuckets | Bucket | List | ✅ |
| ListMultipartUploads | Object | List | |
| ListObjects | Object | List | |
| ListObjectsV2 | Object | List | |
| ListObjectVersions | Object | List | |
| ListParts | Object | List | |
| PostObject | Object | Create | |
| PutBucketAcl | Bucket | Write | |
| PutBucketCors | Bucket | Write | |
| PutBucketLifecycleConfiguration | Bucket | Write | |
| PutBucketPolicy | Policy | Write | |
| PutBucketTagging | Bucket | Write | |
| PutBucketVersioning | Bucket | Write | |
| PutBucketWebsite | Bucket | Write | |
| PutObject | Object | Create | |
| PutObjectAcl | Object | Write | |
| PutObjectLegalHold | Object | Write | |
| PutObjectLockConfiguration | Object | Write | |
| PutObjectRetention | Object | Write | |
| PutObjectTagging | Object | Write | |
| RestoreObject | Object | Write | |
| UploadPart | Object | Write | |
| UploadPartCopy | Object | Write |
ObjectStorageBucketsWrite
| Amazon S3 Action | IAM Resource | IAM Action | Authorized |
|---|---|---|---|
| AbortMultipartUpload | Object | Delete | |
| CompleteMultipartUpload | Object | Create | |
| CopyObject | Object | Write | |
| CreateBucket | Bucket | Create | ✅ |
| CreateMultipartUpload | Object | Create | |
| DeleteBucket | Bucket | Delete | |
| DeleteBucketCors | Bucket | Write | ✅ |
| DeleteBucketLifecycle | Bucket | Write | ✅ |
| DeleteBucketPolicy | Policy | Write | |
| DeleteBucketTagging | Bucket | Write | ✅ |
| DeleteBucketWebsite | Bucket | Write | ✅ |
| DeleteObject | Object | Delete | |
| DeleteObjects | Object | Delete | |
| DeleteObjectTagging | Object | Write | |
| GetBucketAcl | Bucket | Read | |
| GetBucketCors | Bucket | Read | |
| GetBucketLifecycleConfiguration | Bucket | Read | |
| GetBucketLocation | Bucket | Read | |
| GetBucketPolicy | Policy | Read | |
| GetBucketPolicyStatus | Policy | Read | |
| GetBucketTagging | Bucket | Read | |
| GetBucketVersioning | Bucket | Read | |
| GetBucketWebsite | Bucket | Read | |
| GetObject | Object | Read | |
| GetObjectAcl | Object | Read | |
| GetObjectLegalHold | Object | Read | |
| GetObjectLockConfiguration | Object | Read | |
| GetObjectRetention | Object | Read | |
| GetObjectTagging | Object | Read | |
| HeadBucket | Bucket | Read | |
| HeadObject | Object | Read | |
| ListBuckets | Bucket | List | |
| ListMultipartUploads | Object | List | |
| ListObjects | Object | List | |
| ListObjectsV2 | Object | List | |
| ListObjectVersions | Object | List | |
| ListParts | Object | List | |
| PostObject | Object | Create | |
| PutBucketAcl | Bucket | Write | ✅ |
| PutBucketCors | Bucket | Write | ✅ |
| PutBucketLifecycleConfiguration | Bucket | Write | ✅ |
| PutBucketPolicy | Policy | Write | |
| PutBucketTagging | Bucket | Write | ✅ |
| PutBucketVersioning | Bucket | Write | ✅ |
| PutBucketWebsite | Bucket | Write | ✅ |
| PutObject | Object | Create | |
| PutObjectAcl | Object | Write | |
| PutObjectLegalHold | Object | Write | |
| PutObjectLockConfiguration | Object | Write | |
| PutObjectRetention | Object | Write | |
| PutObjectTagging | Object | Write | |
| RestoreObject | Object | Write | |
| UploadPart | Object | Write | |
| UploadPartCopy | Object | Write |
ObjectStorageBucketsDelete
| Amazon S3 Action | IAM Resource | IAM Action | Authorized |
|---|---|---|---|
| AbortMultipartUpload | Object | Delete | |
| CompleteMultipartUpload | Object | Create | |
| CopyObject | Object | Write | |
| CreateBucket | Bucket | Create | |
| CreateMultipartUpload | Object | Create | |
| DeleteBucket | Bucket | Delete | ✅ |
| DeleteBucketCors | Bucket | Write | |
| DeleteBucketLifecycle | Bucket | Write | |
| DeleteBucketPolicy | Policy | Write | |
| DeleteBucketTagging | Bucket | Write | |
| DeleteBucketWebsite | Bucket | Write | |
| DeleteObject | Object | Delete | |
| DeleteObjects | Object | Delete | |
| DeleteObjectTagging | Object | Write | |
| GetBucketAcl | Bucket | Read | |
| GetBucketCors | Bucket | Read | |
| GetBucketLifecycleConfiguration | Bucket | Read | |
| GetBucketLocation | Bucket | Read | |
| GetBucketPolicy | Policy | Read | |
| GetBucketPolicyStatus | Policy | Read | |
| GetBucketTagging | Bucket | Read | |
| GetBucketVersioning | Bucket | Read | |
| GetBucketWebsite | Bucket | Read | |
| GetObject | Object | Read | |
| GetObjectAcl | Object | Read | |
| GetObjectLegalHold | Object | Read | |
| GetObjectLockConfiguration | Object | Read | |
| GetObjectRetention | Object | Read | |
| GetObjectTagging | Object | Read | |
| HeadBucket | Bucket | Read | |
| HeadObject | Object | Read | |
| ListBuckets | Bucket | List | |
| ListMultipartUploads | Object | List | |
| ListObjects | Object | List | |
| ListObjectsV2 | Object | List | |
| ListObjectVersions | Object | List | |
| ListParts | Object | List | |
| PostObject | Object | Create | |
| PutBucketAcl | Bucket | Write | |
| PutBucketCors | Bucket | Write | |
| PutBucketLifecycleConfiguration | Bucket | Write | |
| PutBucketPolicy | Policy | Write | |
| PutBucketTagging | Bucket | Write | |
| PutBucketVersioning | Bucket | Write | |
| PutBucketWebsite | Bucket | Write | |
| PutObject | Object | Create | |
| PutObjectAcl | Object | Write | |
| PutObjectLegalHold | Object | Write | |
| PutObjectLockConfiguration | Object | Write | |
| PutObjectRetention | Object | Write | |
| PutObjectTagging | Object | Write | |
| RestoreObject | Object | Write | |
| UploadPart | Object | Write | |
| UploadPartCopy | Object | Write |
ObjectStorageObjectsRead
| Amazon S3 Action | IAM Resource | IAM Action | Authorized |
|---|---|---|---|
| AbortMultipartUpload | Object | Delete | |
| CompleteMultipartUpload | Object | Create | |
| CopyObject | Object | Write | |
| CreateBucket | Bucket | Create | |
| CreateMultipartUpload | Object | Create | |
| DeleteBucket | Bucket | Delete | |
| DeleteBucketCors | Bucket | Write | |
| DeleteBucketLifecycle | Bucket | Write | |
| DeleteBucketPolicy | Policy | Write | |
| DeleteBucketTagging | Bucket | Write | |
| DeleteBucketWebsite | Bucket | Write | |
| DeleteObject | Object | Delete | |
| DeleteObjects | Object | Delete | |
| DeleteObjectTagging | Object | Write | |
| GetBucketAcl | Bucket | Read | |
| GetBucketCors | Bucket | Read | |
| GetBucketLifecycleConfiguration | Bucket | Read | |
| GetBucketLocation | Bucket | Read | |
| GetBucketPolicy | Policy | Read | |
| GetBucketPolicyStatus | Policy | Read | |
| GetBucketTagging | Bucket | Read | |
| GetBucketVersioning | Bucket | Read | |
| GetBucketWebsite | Bucket | Read | |
| GetObject | Object | Read | ✅ |
| GetObjectAcl | Object | Read | ✅ |
| GetObjectLegalHold | Object | Read | ✅ |
| GetObjectLockConfiguration | Object | Read | ✅ |
| GetObjectRetention | Object | Read | ✅ |
| GetObjectTagging | Object | Read | ✅ |
| HeadBucket | Bucket | Read | |
| HeadObject | Object | Read | ✅ |
| ListBuckets | Bucket | List | |
| ListMultipartUploads | Object | List | ✅ |
| ListObjects | Object | List | ✅ |
| ListObjectsV2 | Object | List | ✅ |
| ListObjectVersions | Object | List | ✅ |
| ListParts | Object | List | ✅ |
| PostObject | Object | Create | |
| PutBucketAcl | Bucket | Write | |
| PutBucketCors | Bucket | Write | |
| PutBucketLifecycleConfiguration | Bucket | Write | |
| PutBucketPolicy | Policy | Write | |
| PutBucketTagging | Bucket | Write | |
| PutBucketVersioning | Bucket | Write | |
| PutBucketWebsite | Bucket | Write | |
| PutObject | Object | Create | |
| PutObjectAcl | Object | Write | |
| PutObjectLegalHold | Object | Write | |
| PutObjectLockConfiguration | Object | Write | |
| PutObjectRetention | Object | Write | |
| PutObjectTagging | Object | Write | |
| RestoreObject | Object | Write | |
| UploadPart | Object | Write | |
| UploadPartCopy | Object | Write |
ObjectStorageObjectsWrite
| Amazon S3 Action | IAM Resource | IAM Action | Authorized |
|---|---|---|---|
| AbortMultipartUpload | Object | Delete | |
| CompleteMultipartUpload | Object | Create | ✅ |
| CopyObject | Object | Write | ✅ |
| CreateBucket | Bucket | Create | |
| CreateMultipartUpload | Object | Create | ✅ |
| DeleteBucket | Bucket | Delete | |
| DeleteBucketCors | Bucket | Write | |
| DeleteBucketLifecycle | Bucket | Write | |
| DeleteBucketPolicy | Policy | Write | |
| DeleteBucketTagging | Bucket | Write | |
| DeleteBucketWebsite | Bucket | Write | |
| DeleteObject | Object | Delete | |
| DeleteObjects | Object | Delete | |
| DeleteObjectTagging | Object | Write | ✅ |
| GetBucketAcl | Bucket | Read | |
| GetBucketCors | Bucket | Read | |
| GetBucketLifecycleConfiguration | Bucket | Read | |
| GetBucketLocation | Bucket | Read | |
| GetBucketPolicy | Policy | Read | |
| GetBucketPolicyStatus | Policy | Read | |
| GetBucketTagging | Bucket | Read | |
| GetBucketVersioning | Bucket | Read | |
| GetBucketWebsite | Bucket | Read | |
| GetObject | Object | Read | |
| GetObjectAcl | Object | Read | |
| GetObjectLegalHold | Object | Read | |
| GetObjectLockConfiguration | Object | Read | |
| GetObjectRetention | Object | Read | |
| GetObjectTagging | Object | Read | |
| HeadBucket | Bucket | Read | |
| HeadObject | Object | Read | |
| ListBuckets | Bucket | List | |
| ListMultipartUploads | Object | List | |
| ListObjects | Object | List | |
| ListObjectsV2 | Object | List | |
| ListObjectVersions | Object | List | |
| ListParts | Object | List | |
| PostObject | Object | Create | ✅ |
| PutBucketAcl | Bucket | Write | |
| PutBucketCors | Bucket | Write | |
| PutBucketLifecycleConfiguration | Bucket | Write | |
| PutBucketPolicy | Policy | Write | |
| PutBucketTagging | Bucket | Write | |
| PutBucketVersioning | Bucket | Write | |
| PutBucketWebsite | Bucket | Write | |
| PutObject | Object | Create | ✅ |
| PutObjectAcl | Object | Write | ✅ |
| PutObjectLegalHold | Object | Write | ✅ |
| PutObjectLockConfiguration | Object | Write | ✅ |
| PutObjectRetention | Object | Write | ✅ |
| PutObjectTagging | Object | Write | ✅ |
| RestoreObject | Object | Write | ✅ |
| UploadPart | Object | Write | ✅ |
| UploadPartCopy | Object | Write | ✅ |
ObjectStorageObjectsDelete
| Amazon S3 Action | IAM Resource | IAM Action | Authorized |
|---|---|---|---|
| AbortMultipartUpload | Object | Delete | ✅ |
| CompleteMultipartUpload | Object | Create | |
| CopyObject | Object | Write | |
| CreateBucket | Bucket | Create | |
| CreateMultipartUpload | Object | Create | |
| DeleteBucket | Bucket | Delete | |
| DeleteBucketCors | Bucket | Write | |
| DeleteBucketLifecycle | Bucket | Write | |
| DeleteBucketPolicy | Policy | Write | |
| DeleteBucketTagging | Bucket | Write | |
| DeleteBucketWebsite | Bucket | Write | |
| DeleteObject | Object | Delete | ✅ |
| DeleteObjects | Object | Delete | ✅ |
| DeleteObjectTagging | Object | Write | |
| GetBucketAcl | Bucket | Read | |
| GetBucketCors | Bucket | Read | |
| GetBucketLifecycleConfiguration | Bucket | Read | |
| GetBucketLocation | Bucket | Read | |
| GetBucketPolicy | Policy | Read | |
| GetBucketPolicyStatus | Policy | Read | |
| GetBucketTagging | Bucket | Read | |
| GetBucketVersioning | Bucket | Read | |
| GetBucketWebsite | Bucket | Read | |
| GetObject | Object | Read | |
| GetObjectAcl | Object | Read | |
| GetObjectLegalHold | Object | Read | |
| GetObjectLockConfiguration | Object | Read | |
| GetObjectRetention | Object | Read | |
| GetObjectTagging | Object | Read | |
| HeadBucket | Bucket | Read | |
| HeadObject | Object | Read | |
| ListBuckets | Bucket | List | |
| ListMultipartUploads | Object | List | |
| ListObjects | Object | List | |
| ListObjectsV2 | Object | List | |
| ListObjectVersions | Object | List | |
| ListParts | Object | List | |
| PostObject | Object | Create | |
| PutBucketAcl | Bucket | Write | |
| PutBucketCors | Bucket | Write | |
| PutBucketLifecycleConfiguration | Bucket | Write | |
| PutBucketPolicy | Policy | Write | |
| PutBucketTagging | Bucket | Write | |
| PutBucketVersioning | Bucket | Write | |
| PutBucketWebsite | Bucket | Write | |
| PutObject | Object | Create | |
| PutObjectAcl | Object | Write | |
| PutObjectLegalHold | Object | Write | |
| PutObjectLockConfiguration | Object | Write | |
| PutObjectRetention | Object | Write | |
| PutObjectTagging | Object | Write | |
| RestoreObject | Object | Write | |
| UploadPart | Object | Write | |
| UploadPartCopy | Object | Write |