Difference between revisions of "S3: API reference"

s3:ListBucket, s3:ListAllMyBuckets, s3:PutObject, s3:PutObjectAcl, s3:GetObject, s3:GetObjectAcl [1], s3:GetBucketPolicy, s3:PutBucketPolicy, s3:DeleteObject, s3:ReplicateObject, s3:ReplicateDelete, s3:ReplicateTags

Examples

resource "aws_s3_bucket" "example" {
  bucket = "my-tf-test-bucket"
}

resource "aws_s3_bucket_policy" "allow_access_from_another_account" {
  bucket = aws_s3_bucket.example.id
  policy = data.aws_iam_policy_document.allow_access_from_another_account.json
}

data "aws_iam_policy_document" "allow_access_from_another_account" {
 statement {
   principals {
     type        = "AWS"
     identifiers = ["123456789012"]
   }

   actions = [
     "s3:GetObject",
     "s3:ListBucket",
   ]

   resources = [
     aws_s3_bucket.example.arn,
     "${aws_s3_bucket.example.arn}/*",
   ]
 }
}

Activities

• How do I troubleshoot the error "You don't have permissions to edit bucket policy" when I try to modify a bucket policy in Amazon S3?
• S3 read-write access to a certain bucket

Related

• AmazonS3FullAccess

See also

• AWS S3 policies: s3:, S3 read-write access to a certain bucket, s3:ListBucket, s3:ListAllMyBuckets
• AWS managed policies: ReadOnlyAccess, ViewOnlyAccess, AdministratorAccess, SecurityAudit, ViewBilling, AmazonEKSClusterPolicy, List of AWS policies
• AWS policies: managed policies, Job functions, AWS trust policy, AWS Service Control Policy (SCP), Resource-based policies, Identity-based policies, "Resource":, Job function, AWS Policy Generator, s3:, lambda:, cloudwatch: