AWS IAM Permissions for S3 Storage System
Identity and Access Management (IAM) controls access to your AWS resources, so that only principals granted the relevant permissions can reach your AWS data. Grant the S3 actions below on the specific bucket the job works with (s3:ListAllMyBuckets is the one action that can only be granted on Resource "*") rather than on all buckets.
The permissions required to run AWS S3 jobs are the following. "READ access" and "WRITE permissions" refer to the S3 access-control (ACL) grants on the bucket or object; the s3: entries are IAM actions that must be allowed for the principal the job runs as.

- Monitor S3 object for Creation, Update, Generate, Exist:
  - READ access to the bucket and the object.
  - Permissions for s3:ListAllMyBuckets and s3:ListBucket.
- Monitor S3 object for Creation, Update, Generate, Exist with a regular expression:
  - READ access to the bucket.
  - Permissions for s3:ListAllMyBuckets and s3:ListBucket.
- Delete:
  - READ access to the bucket and the object.
  - Permissions for s3:ListAllMyBuckets, s3:ListBucket, and s3:DeleteObject.
- Copy, Upload:
  - READ access to the bucket and the object.
  - WRITE permissions on the bucket.
  - Permissions for s3:ListAllMyBuckets, s3:ListBucket, and s3:PutObject.
- Download:
  - READ access to the bucket and the object.
  - Permissions for s3:ListAllMyBuckets, s3:ListBucket, and s3:GetObject.

The following IAM permissions must also be granted for listing KMS encryption keys:

- kms:ListKeys
- s3:GetEncryptionConfiguration
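The following is an added example, not code from this page or from the job scheduler it documents. It builds a least-privilege IAM policy document for one job type against one bucket from the action list above, and includes a simplified policy evaluator so you can check an existing policy for the actions a job needs. The resource scoping (account-wide actions on "*", s3:ListBucket and s3:GetEncryptionConfiguration on the bucket ARN, object actions on "<bucket ARN>/*") and the job-type keys are assumptions of this example; the page does not state resource ARNs. Note also that a copy between two buckets additionally needs s3:GetObject on the source bucket, which the page's list for Copy omits.

```python
import json
import re

# Actions the page lists per job type.  "monitor" covers both "Monitor S3
# object" variants, which need the same IAM actions.  Keys are an assumption.
JOB_ACTIONS = {
    "monitor":  {"s3:ListAllMyBuckets", "s3:ListBucket"},
    "delete":   {"s3:ListAllMyBuckets", "s3:ListBucket", "s3:DeleteObject"},
    "copy":     {"s3:ListAllMyBuckets", "s3:ListBucket", "s3:PutObject"},
    "upload":   {"s3:ListAllMyBuckets", "s3:ListBucket", "s3:PutObject"},
    "download": {"s3:ListAllMyBuckets", "s3:ListBucket", "s3:GetObject"},
}
KMS_ACTIONS = {"kms:ListKeys", "s3:GetEncryptionConfiguration"}

# Resource scope per action (assumption of this example, not stated on the
# page): account-wide calls need Resource "*", bucket calls the bucket ARN,
# object calls "<bucket ARN>/*".
ACCOUNT_SCOPED = {"s3:ListAllMyBuckets", "kms:ListKeys"}
BUCKET_SCOPED = {"s3:ListBucket", "s3:GetEncryptionConfiguration"}


def resource_for(action, bucket):
    """Return the narrowest Resource ARN on which `action` makes sense."""
    if action in ACCOUNT_SCOPED:
        return "*"
    if action in BUCKET_SCOPED:
        return f"arn:aws:s3:::{bucket}"
    return f"arn:aws:s3:::{bucket}/*"


def build_policy(job, bucket, kms=False):
    """Least-privilege policy document for one job type against one bucket."""
    actions = set(JOB_ACTIONS[job])
    if kms:
        actions |= KMS_ACTIONS
    by_resource = {}
    for action in sorted(actions):
        by_resource.setdefault(resource_for(action, bucket), []).append(action)
    statements = [
        {"Effect": "Allow", "Action": acts, "Resource": res}
        for res, acts in sorted(by_resource.items())
    ]
    return {"Version": "2012-10-17", "Statement": statements}


def _wild(pattern, value, fold=False):
    """IAM-style wildcard match: '*' matches any run, '?' one character."""
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, value, re.IGNORECASE if fold else 0) is not None


def _as_list(value):
    return value if isinstance(value, list) else [value]


def policy_allows(policy, action, resource):
    """Simplified IAM evaluation: an explicit Deny wins, otherwise any matching
    Allow grants.  Action names are case-insensitive, resources are not.
    Conditions, NotAction/NotResource and other policy types are ignored."""
    allowed = False
    for stmt in policy["Statement"]:
        act_ok = any(_wild(a, action, fold=True)
                     for a in _as_list(stmt.get("Action", [])))
        res_ok = any(_wild(r, resource)
                     for r in _as_list(stmt.get("Resource", [])))
        if act_ok and res_ok:
            if stmt["Effect"] == "Deny":
                return False
            allowed = True
    return allowed


def missing_actions(policy, job, bucket, kms=False):
    """Actions the job needs on `bucket` that `policy` does not grant."""
    needed = set(JOB_ACTIONS[job]) | (KMS_ACTIONS if kms else set())
    return {a for a in needed
            if not policy_allows(policy, a, resource_for(a, bucket))}


if __name__ == "__main__":
    # Print the policy for an Upload job against the (constructed) bucket name.
    print(json.dumps(build_policy("upload", "example-jobs-bucket", kms=True), indent=2))
```

Run the file to print a policy you can paste into an IAM role; use missing_actions() against a policy document pulled from the account to find which job types a role is actually able to run, keeping in mind that the evaluator ignores Condition blocks, so a real-world check should be confirmed with the IAM policy simulator.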
See also: