Commit 29e14b9

docs(obj): update
1 parent 591dff5 commit 29e14b9

1 file changed

+8
-29
lines changed

pages/object-storage/reference-content/s3-iam-permissions-equivalence.mdx

Lines changed: 8 additions & 29 deletions
@@ -6,6 +6,7 @@ tags: object-storage amazon-s3 aws action equivalent iam permission set
66
Below is a list of Object Storage API actions authorized for each [permission set](/iam/reference-content/permission-sets/). Actions that are not explicitly authorized in a permission set are denied by default.
77

88
## ObjectStorageFullAccess
9+
910
| Object Storage action | Bucket policy action required |
1011
|------------------------------------------------|-------------------------------------------------|
1112
| CreateBucket | - |
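Review bot: The `-` in the CreateBucket row of the ObjectStorageFullAccess table has no legend in the visible context. Next to the intro sentence saying that actions not explicitly authorized are denied by default, a reader can take `-` either as "no bucket policy action applies" or as "cannot be granted"; a one-line explanation under the intro paragraph would settle it. The blank line added after the heading is fine.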
@@ -66,6 +67,7 @@ Below is a list of Object Storage API actions authorized for each [permission se
6667
| UploadPartCopy | s3:PutObject |
6768

6869
## ObjectStorageReadOnly
70+
6971
| Object Storage action | Bucket policy action required |
7072
|------------------------------------------------|-------------------------------------------------|
7173
| GetBucketAcl | s3:GetBucketAcl |
@@ -95,6 +97,7 @@ Below is a list of Object Storage API actions authorized for each [permission se
9597
| ListParts | s3:ListMultipartUploadParts |
9698

9799
## ObjectStorageBucketsRead
100+
98101
| Object Storage action | Bucket policy action required |
99102
|------------------------------------------------|-------------------------------------------------|
100103
| GetBucketAcl | s3:GetBucketAcl |
@@ -108,6 +111,7 @@ Below is a list of Object Storage API actions authorized for each [permission se
108111
| ListBuckets | s3:ListBucket |
109112

110113
## ObjectStorageBucketsWrite
114+
111115
| Object Storage action | Bucket policy action required |
112116
|------------------------------------------------|-------------------------------------------------|
113117
| CreateBucket | - |
@@ -123,25 +127,15 @@ Below is a list of Object Storage API actions authorized for each [permission se
123127
| PutBucketWebsite | s3:PutBucketWebsite |
124128

125129
## ObjectStorageBucketsDelete
130+
126131
| Object Storage action | Bucket policy action required |
127132
|---------------------------|-------------------------------|
128133
| DeleteBucket | s3:DeleteBucket |
129134

130135
## ObjectStorageObjectsRead
136+
131137
| Object Storage action | Bucket policy action required |
132138
|------------------------------------------------|-------------------------------------------------|
133-
| GetObject | s3:GetObject |
134-
| GetObjectAcl | s3:GetObjectAcl |
135-
| GetObjectLegalHold | s3:GetObjectLegalHold |
136-
| GetObjectLockConfiguration | s3:GetObjectLockConfiguration |
137-
| GetObjectRetention | s3:GetObjectRetention |
138-
| GetObjectTagging | s3:GetObjectTagging |
139-
| HeadObject | s3:HeadObject |
140-
| ListMultipartUploads | s3:ListMultipartUploads |
141-
| ListObjects | s3:ListBucket |
142-
| ListObjectsV2 | s3:ListBucket |
143-
| ListObjectVersions | s3:ListBucket |
144-
| ListParts | s3:ListMultipartUploadParts |
145139
| GetObject (with a `versionId` specified) | s3:GetObjectVersion |
146140
| GetObject | s3:GetObject |
147141
| GetObjectAcl | s3:GetObjectAcl |
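Review bot: The twelve rows removed under ObjectStorageObjectsRead (GetObject through ListParts) can only be checked here against three retained rows: GetObject with a `versionId`, GetObject and GetObjectAcl. Please confirm that every removed action, in particular HeadObject, ListMultipartUploads and the three List* rows mapped to s3:ListBucket, still has a row in the retained list with the same bucket policy action. In a permissions reference, a row that goes missing reads as "not authorized by this permission set".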
@@ -160,23 +154,10 @@ Below is a list of Object Storage API actions authorized for each [permission se
160154
| ListParts | s3:ListMultipartUploadParts |
161155

162156
## ObjectStorageObjectsWrite
157+
163158
| Object Storage action | Bucket policy action required |
164159
|------------------------------------------------|-------------------------------------------------|
165160
| CompleteMultipartUpload | s3:PutObject |
166-
| CopyObject | s3:CopyObject |
167-
| CreateMultipartUpload | s3:PutObject |
168-
| DeleteObjectTagging | s3:DeleteObjectTagging |
169-
| PostObject | s3:PostObject |
170-
| PutObject | s3:PutObject |
171-
| PutObjectAcl | s3:PutObjectAcl |
172-
| PutObjectLegalHold | s3:PutObjectLegalHold |
173-
| PutObjectLockConfiguration | s3:PutObjectLockConfiguration |
174-
| PutObjectRetention | s3:PutObjectRetention |
175-
| PutObjectTagging | s3:PutObjectTagging |
176-
| RestoreObject | s3:RestoreObject |
177-
| UploadPart | s3:UploadPart |
178-
| UploadPartCopy | s3:UploadPartCopy |
179-
| CompleteMultipartUpload | s3:PutObject |
180161
| CopyObject | s3:PutObject |
181162
| CreateMultipartUpload | s3:PutObject |
182163
| DeleteObjectTagging (with a `versionId` specified) | s3:DeleteObjectVersionTagging |
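Review bot: The rows removed under ObjectStorageObjectsWrite are not plain duplicates of what stays: the removed CopyObject row said s3:CopyObject while the retained one says s3:PutObject, and the removed UploadPartCopy row said s3:UploadPartCopy while the retained row (visible as context in the next hunk) says s3:PutObject. That is a correction to the documented action mapping, which "docs(obj): update" does not convey; the commit message or a changelog line should say which mapping is authoritative so that anyone who wrote a bucket policy from the removed rows knows to re-check it. Please also confirm that PostObject, RestoreObject, UploadPart and PutObjectLockConfiguration still appear in the retained list, since this hunk shows only its first three rows.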
@@ -194,12 +175,10 @@ Below is a list of Object Storage API actions authorized for each [permission se
194175
| UploadPartCopy | s3:PutObject |
195176

196177
## ObjectStorageObjectsDelete
178+
197179
| Object Storage action | Bucket policy action required |
198180
|------------------------------------------------|-------------------------------------------------|
199181
| AbortMultipartUpload | s3:AbortMultipartUpload |
200-
| DeleteObject | s3:DeleteObject |
201-
| DeleteObjects | s3:DeleteObjects |
202-
| AbortMultipartUpload | s3:AbortMultipartUpload |
203182
| DeleteObject (with a `versionId` specified) | s3:DeleteObjectVersion |
204183
| DeleteObject | s3:DeleteObject |
205184
| DeleteObjects (with a `versionId` specified) | s3:DeleteObjectVersion |
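Review bot: The removed DeleteObjects row under ObjectStorageObjectsDelete mapped the action to s3:DeleteObjects, and the hunk ends on the retained "DeleteObjects (with a `versionId` specified)" row without showing an unversioned DeleteObjects row. Please confirm that such a row follows and which bucket policy action it names, since the retained versioned rows use s3:DeleteObjectVersion and the plain DeleteObject row uses s3:DeleteObject. If the unversioned DeleteObjects row is gone, the table no longer tells the reader what a bulk delete without `versionId` requires.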
