New operations supported by S3 service:
|
s3:GetReplicationConfiguration
|
Grants permission to get the replication configuration information set on an amazon S3 bucket.
|
Read
|
bucket*
|
s3:authType s3:signatureversion s3:x-amz-content-sha256
|
s3:PutReplicationConfiguration
|
Grants permission to create a replication configuration or replace an existing one.
|
Write
|
bucket*
|
s3:authType s3:signatureversion s3:x-amz-content-sha256
|
s3:DeleteReplicationConfiguration
|
Grants permission to delete a replication configuration.
|
Write
|
bucket*
|
-
|
s3:GetBucketObjectLockConfiguration
|
Grants permission to get the object lock configuration of an amazon S3 bucket.
|
Read
|
bucket*
|
s3:authType s3:signatureversion
|
s3:PUTBucketObjectLockConfiguration
|
Grants permission to get the object lock configuration of an amazon S3 bucket.
|
Write
|
bucket*
|
s3:authType s3:signatureversion
|
s3:GetObjectLegalHold
|
Grants permission to get the current legal hold status of an object.
|
Read
|
object*
|
s3:authType s3:signatureversion s3:x-amz-content-sha256
|
s3:PutObjectLegalHold
|
Grants permission to apply a legal hold configuration to a specified object.
|
Write
|
object*
|
s3:authType s3:signatureversion s3:x-amz-content-sha256 s3:object-lock-legal-hold
|
s3:GetObjectRetention
|
Grants permission to retrieve the retention settings for an object.
|
Read
|
object*
|
s3:authType s3:signatureversion s3:x-amz-content-sha256
|
s3:PutObjectRetention
|
Grants permission to place an object retention configuration on an object.
|
Write
|
object*
|
s3:authType s3:signatureversion s3:x-amz-content-sha256 s3:object-lock-mode s3:object-lock-retain-until-date s3:object-lock-remaining-retention-days
|
s3:BypassGovernanceRetention
|
Grants permission to allow circumvention of governance-mode object retention settings.
|
Permission Management
|
object*
|
s3:RequestObjectTag/<key> s3:RequestObjectTagKeys s3:authType s3:signatureversion s3:x-amz-acl s3:x-amz-content-sha256 s3:x-amz-copy-source s3:x-amz-grant-full-control s3:x-amz-grant-read s3:x-amz-grant-read-acp s3:x-amz-grant-write s3:x-amz-grant-write-acp s3:x-amz-metadata-directive s3:x-amz-server-side-encryption s3:x-amz-storage-class s3:object-lock-mode s3:object-lock-retain-until-date s3:object-lock-remaining-retention-days s3:object-lock-legal-hold
|
Existing S3 operations supported by S3 service:
|
s3:AbortMultipartUpload
|
Grants permission to cancel a multipart upload.
|
Write
|
object*
|
s3:authType
s3:signatureversion
s3:x-amz-content-sha256
|
s3:CreateBucket
|
Grants permission to create a bucket.
|
Write
|
bucket*
|
s3:authType
s3:signatureversion
s3:x-amz-acl
s3:x-amz-content-sha256
s3:x-amz-grant-full-control
s3:x-amz-grant-read
s3:x-amz-grant-read-acp
s3:x-amz-grant-write
s3:x-amz-grant-write-acp
|
s3:DeleteBucket
|
Grants permission to delete the bucket named in the URI.
|
Write
|
bucket*
|
s3:authType
s3:signatureversion
s3:x-amz-content-sha256
|
s3:DeleteBucketPolicy
|
Grants permission to delete policy on a specified bucket.
|
Permission Management
|
bucket*
|
s3:authType
s3:signatureversion
s3:x-amz-content-sha256
|
s3:DeleteObject
|
Grants permission to remove the null version of an object and insert a delete marker, which becomes the current version of the object.
|
Write
|
object*
|
s3:authType
s3:signatureversion
s3:x-amz-content-sha256
|
s3:DeleteObjectTagging
|
Grants permission to use the tagging subresource to remove the entire tag set from the specified object.
|
Tagging
|
object*
|
s3:ExistingObjectTag/<key>
s3:authType
s3:signatureversion
s3:x-amz-content-sha256
|
s3:DeleteObjectVersion
|
Grants permission to remove a specific version of an object.
|
Write
|
object*
|
s3:authType
s3:signatureversion
s3:versionid
s3:x-amz-content-sha256
|
s3:DeleteObjectVersionTagging
|
Grants permission to remove the entire tag set for a specific version of the object.
|
Tagging
|
object*
|
s3:ExistingObjectTag/<key>
s3:authType
s3:signatureversion
s3:versionid
s3:x-amz-content-sha256
|
s3:GetBucketAcl
|
Grants permission to use the ACL subresource to return the access control list (ACL) of an Amazon S3 bucket.
|
Read
|
bucket*
|
s3:authType
s3:signatureversion
s3:x-amz-content-sha256
|
s3:GetBucketCORS
|
Grants permission to return the CORS configuration information set for an Amazon S3 bucket.
|
Read
|
bucket*
|
s3:authType
s3:signatureversion
s3:x-amz-content-sha256
|
s3:GetBucketPolicy
|
Grants permission to return the policy of the specified bucket.
|
Read
|
bucket*
|
s3:authType
s3:signatureversion
s3:x-amz-content-sha256
|
s3:GetBucketTagging
|
Grants permission to return the tag set associated with an Amazon S3 bucket.
|
Read
|
bucket*
|
s3:authType
s3:signatureversion
s3:x-amz-content-sha256
|
s3:GetBucketVersioning
|
Grants permission to return the versioning state of an Amazon S3 bucket.
|
Read
|
bucket*
|
s3:authType
s3:signatureversion
s3:x-amz-content-sha256
|
s3:GetLifecycleConfiguration
|
Grants permission to return the life-cycle configuration information set on an Amazon S3 bucket.
|
Read
|
bucket*
|
s3:authType
s3:signatureversion
s3:x-amz-content-sha256
|
s3:GetObject
|
Grants permission to retrieve objects from Amazon S3.
|
Read
|
object*
|
s3:ExistingObjectTag/<key>
s3:authType
s3:signatureversion
s3:x-amz-content-sha256
|
s3:GetObjectAcl
|
Grants permission to return the access control list (ACL) of an object.
|
Read
|
object*
|
s3:ExistingObjectTag/<key>
s3:authType
s3:signatureversion
s3:x-amz-content-sha256
|
s3:GetObjectTagging
|
Grants permission to return the tag set of an object.
|
Read
|
object*
|
s3:ExistingObjectTag/<key>
s3:authType
s3:signatureversion
s3:x-amz-content-sha256
|
s3:GetObjectVersion
|
Grants permission to retrieve a specific version of an object.
|
Read
|
object*
|
s3:ExistingObjectTag/<key>
s3:authType
s3:signatureversion
s3:versionid
s3:x-amz-content-sha256
|
s3:GetObjectVersionAcl
|
Grants permission to return the access control list (ACL) of a specific object version.
|
Read
|
object*
|
s3:ExistingObjectTag/<key>
s3:authType
s3:signatureversion
s3:versionid
s3:x-amz-content-sha256
|
s3:GetObjectVersionTagging
|
Grants permission to return the tag set for a specific version of the object.
|
Read
|
object*
|
s3:ExistingObjectTag/<key>
s3:authType
s3:signatureversion
s3:versionid
s3:x-amz-content-sha256
|
s3:ListAllMyBuckets
|
Grants permission to list all buckets owned by the authenticated sender of the request.
|
List
|
-
|
s3:authType
s3:signatureversion
s3:x-amz-content-sha256
|
s3:ListBucket
|
Grants permission to list some or all the objects in an Amazon S3 bucket (up to 1000).
|
List
|
bucket*
|
s3:authType
s3:delimiter
s3:max-keys
s3:prefix
s3:signatureversion
s3:x-amz-content-sha256
|
s3:ListBucketMultipartUploads
|
Grants permission to list in-progress multipart uploads.
|
Read
|
bucket*
|
s3:authType
s3:signatureversion
s3:x-amz-content-sha256
|
s3:ListBucketVersions
|
Grants permission to list metadata about all the versions of objects in an Amazon S3 bucket.
|
Read
|
bucket*
|
s3:authType
s3:delimiter
s3:max-keys
s3:prefix
s3:signatureversion
s3:x-amz-content-sha256
|
s3:ListMultipartUploadParts
|
Grants permission to list the parts that have been uploaded for a specific multipart upload.
|
Read
|
object*
|
s3:authType
s3:signatureversion
s3:x-amz-content-sha256
|
s3:PutBucketAcl
|
Grants permission to set the permissions on an existing bucket using access control lists (ACLs).
|
Permission Management
|
bucket*
|
s3:authType
s3:signatureversion
s3:x-amz-acl
s3:x-amz-content-sha256
s3:x-amz-grant-full-control
s3:x-amz-grant-read
s3:x-amz-grant-read-acp
s3:x-amz-grant-write
s3:x-amz-grant-write-acp
|
s3:PutBucketCORS
|
Grants permission to set the CORS configuration for an Amazon S3 bucket.
|
Write
|
bucket*
|
s3:authType
s3:signatureversion
s3:x-amz-content-sha256
|
s3:PutBucketPolicy
|
Grants permission to add or replace a bucket policy on a bucket.
|
Permission Management
|
bucket*
|
s3:authType
s3:signatureversion
s3:x-amz-content-sha256
|
s3:PutBucketTagging
|
Grants permission to add tags to an existing Amazon S3 bucket.
|
Tagging
|
bucket*
|
s3:authType
s3:signatureversion
s3:x-amz-content-sha256
|
s3:PutBucketVersioning
|
Grants permission to set the versioning state of an existing Amazon S3 bucket.
|
Write
|
bucket*
|
s3:authType
s3:signatureversion
s3:x-amz-content-sha256
|
s3:PutLifecycleConfiguration
|
Grants permission to create a life-cycle configuration for the bucket or replace an existing life-cycle configuration.
|
Write
|
bucket*
|
s3:authType
s3:signatureversion
s3:x-amz-content-sha256
|
s3:PutObject
|
Grants permission to add an object to a bucket.
|
Write
|
object*
|
s3:RequestObjectTag/<key>
s3:RequestObjectTagKeys
s3:authType
s3:signatureversion
s3:x-amz-acl
s3:x-amz-content-sha256
s3:x-amz-copy-source
s3:x-amz-grant-full-control
s3:x-amz-grant-read
s3:x-amz-grant-read-acp
s3:x-amz-grant-write
s3:x-amz-grant-write-acp
s3:x-amz-metadata-directive
s3:x-amz-server-side-encryption
s3:x-amz-server-side-encryption-aws-kms-key-id
s3:x-amz-storage-class
s3:object-lock-mode
s3:object-lock-retain-until-date
s3:object-lock-remaining-retention-days
s3:object-lock-legal-hold
|
s3:PutObjectAcl
|
Grants permission to set the access control list (ACL) permission for an object that exists in a bucket.
|
Permission Management
|
object*
|
s3:ExistingObjectTag/<key>
s3:authType
s3:signatureversion
s3:x-amz-acl
s3:x-amz-content-sha256
s3:x-amz-grant-full-control
s3:x-amz-grant-read
s3:x-amz-grant-read-acp
s3:x-amz-grant-write
s3:x-amz-grant-write-acp
s3:x-amz-storage-class
|
s3:PutObjectTagging
|
Grants permission to set the supplied tag-set to an object that exists in a bucket.
|
Tagging
|
object*
|
s3:ExistingObjectTag/<key>
s3:RequestObjectTag/<key>
s3:RequestObjectTagKeys
s3:authType
s3:signatureversion
s3:x-amz-content-sha256
|
s3:PutObjectVersionAcl
|
Grants permission to use the ACL subresource to set the access control list (ACL) permissions for an object that exists in a bucket.
|
Permission Management
|
object*
|
s3:ExistingObjectTag/<key>
s3:authType
s3:signatureversion
s3:versionid
s3:x-amz-acl
s3:x-amz-content-sha256
s3:x-amz-grant-full-control
s3:x-amz-grant-read
s3:x-amz-grant-read-acp
s3:x-amz-grant-write
s3:x-amz-grant-write-acp
s3:x-amz-storage-class
|
s3:PutObjectVersionTagging
|
Grants permission to set the supplied tag-set for a specific version of an object.
|
Tagging
|
object*
|
s3:ExistingObjectTag/<key>
s3:RequestObjectTag/<key>
s3:RequestObjectTagKeys
s3:authType
s3:signatureversion
s3:versionid
s3:x-amz-content-sha256
|
s3:ReplicationInfo
|
Grants permission to retrieve an object replication status.
|
Read
|
object*
|
-
|
s3:PutBucketLogging
|
Grants permission to configure bucket logging on a source bucket.
|
Permission Management
|
bucket*
|
-
|
s3:GetBucketLogging
|
Grants permission to retrieve bucket logging on a source bucket.
|
Permission Management
|
bucket*
|
-
|