AWS S3 (IAM)
Amazon Simple Storage Service (S3) provides scalable object storage for data backup, archival, and analytics.
Common permissions
- s3:ListBucket
- s3:GetObject
- s3:PutObject
- s3:DeleteObject
- s3:CreateBucket
- s3:DeleteBucket
- s3:GetBucketPolicy
- s3:PutBucketPolicy
Least-privilege example
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:ListBucket",
        "s3:GetObject",
        "s3:PutObject",
        "s3:DeleteObject",
        "s3:CreateBucket",
        "s3:DeleteBucket",
        "s3:GetBucketPolicy",
        "s3:PutBucketPolicy"
      ],
      "Resource": "*"
    }
  ]
}
Warnings
- Avoid s3:* — grants full access including deletion of buckets and objects.
- Avoid s3:PutBucketPolicy without conditions — can allow public access to data.
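The two warnings above, turned into a static check over a policy document. This is an added example, not part of the original page; the function names, finding labels and the `example-bucket` ARN are assumptions, and the wildcard-resource check goes beyond the page's two warnings.

```python
import json
from fnmatch import fnmatchcase

# The policy shown on this page, embedded so the check runs offline.
PAGE_POLICY = json.loads("""
{"Version": "2012-10-17",
 "Statement": [{
   "Effect": "Allow",
   "Action": ["s3:ListBucket", "s3:GetObject", "s3:PutObject", "s3:DeleteObject",
              "s3:CreateBucket", "s3:DeleteBucket", "s3:GetBucketPolicy",
              "s3:PutBucketPolicy"],
   "Resource": "*"}]}
""")

# Constructed sample: object read/write scoped to one placeholder bucket.
SCOPED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "s3:ListBucket",
         "Resource": "arn:aws:s3:::example-bucket"},
        {"Effect": "Allow", "Action": ["s3:GetObject", "s3:PutObject"],
         "Resource": "arn:aws:s3:::example-bucket/*"},
    ],
}

def as_list(value):
    """IAM allows a single value or a list for Statement, Action and Resource."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def audit_s3_policy(policy):
    """Return (statement_index, finding) tuples for Allow statements."""
    findings = []
    for idx, stmt in enumerate(as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        # Action names are case-insensitive and may contain * and ? wildcards.
        actions = [a.lower() for a in as_list(stmt.get("Action"))]
        if any(a in ("*", "s3:*") for a in actions):
            findings.append((idx, "wildcard-action"))
        if (any(fnmatchcase("s3:putbucketpolicy", a) for a in actions)
                and not stmt.get("Condition")):
            findings.append((idx, "putbucketpolicy-unconditioned"))
        # Extra check beyond the page's warnings: statement applies to every resource.
        if actions and "*" in as_list(stmt.get("Resource")):
            findings.append((idx, "wildcard-resource"))
    return findings
```

Deny statements and NotAction elements are not evaluated by this check.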
Resources
API
full doc /v1/iam/s3