Appendix #
Object actions #
- s3:AbortMultipartUpload
- s3:DeleteObject
- s3:DeleteObjectTagging
- s3:DeleteObjectVersion
- s3:DeleteObjectVersionTagging
- s3:GetObject
- s3:GetObject
- s3:GetObjectAcl
- s3:GetObjectTagging
- s3:GetObjectTorrent
- s3:GetObjectVersion
- s3:GetObjectVersionAcl
- s3:GetObjectVersionTagging
- s3:ListMultipartUploadParts
- s3:PutObject
- s3:PutObjectAcl
- s3:PutObjectTagging
- s3:PutObjectVersionAcl
- s3:PutObjectVersionTagging
- s3:RestoreObject
Bucket actions #
- s3:CreateBucket
- s3:DeleteBucket
- s3:ListBucket
- s3:ListBucketMultipartUploads
- s3:ListBucketVersions
- s3:DeleteBucketPolicy
- s3:DeleteBucketWebsite
- s3:GetBucketAcl
- s3:GetBucketCORS
- s3:GetBucketLocation
- s3:GetBucketLogging
- s3:GetBucketNotification
- s3:GetBucketPolicy
- s3:GetBucketRequestPayment
- s3:GetBucketTagging
- s3:GetBucketVersioning
- s3:GetBucketWebsite
- s3:GetLifecycleConfiguration
- s3:GetReplicationConfiguration
- s3:PutBucketAcl
- s3:PutBucketCORS
- s3:PutBucketLogging
- s3:PutBucketNotification
- s3:PutBucketPolicy
- s3:PutBucketRequestPayment
- s3:PutBucketTagging
- s3:PutBucketVersioning
- s3:PutBucketWebsite
- s3:PutLifecycleConfiguration
- s3:PutReplicationConfiguration
Condition keys #
- s3:x-amz-storage-class
- s3:x-amz-acl
- s3:x-amz-grant-full-control
- s3:x-amz-grant-read
- s3:x-amz-grant-read-acp
- s3:x-amz-grant-write
- s3:x-amz-grant-write-acp
- s3:x-amz-copy-source
- s3:TlsVersion
- s3:x-amz-content-sha256
- s3:signatureversion
- s3:signatureAge
- s3:authType
- s3:x-amz-website-redirect-location
- s3:object-lock-mode
- s3:object-lock-retain-until-date
- s3:object-lock-legal-hold
- s3:object-lock-remaining-retention-days
- s3:prefix
- s3:versionid
- s3:max-keys
- s3:locationconstraint
- aws:SourceIp
Condition comparators #
- StringNotEquals
- StringEqualsIgnoreCase
- StringNotEqualsIgnoreCase
- StringLike
- StringNotLike
- NumericEquals
- NumericNotEquals
- NumericLessThan
- NumericLessThanEquals
- NumericGreaterThan
- NumericGreaterThanEquals
- DateEquals
- DateNotEquals
- DateLessThan
- DateLessThanEquals
- DateGreaterThan
- DateGreaterThanEquals
- BinaryEquals
- IpAddress
- NotIpAddress
For general compatibility with Amazon S3, we refer you to upstream documentation.