Policy Editor

A policy is a resource-based rule that grants other users access permissions to a bucket and its objects. Policies are written in JSON and let you manage your files and buckets securely and efficiently by specifying access levels.

The Policy Editor page provides an editor for defining and modifying the bucket's policies, so you can set the access policies you need. Each policy value is explained below.

Policy Values

| Key | Description |
|---|---|
| Version | Specifies the policy language version, indicating compatibility with the JSON policy structure introduced in October 2012. |
| Statement | Contains a list of access rules, each defining a set of permissions. |
| Sid | An optional identifier used to distinguish rules. |
| Effect | Specifies whether the rule allows or denies access. Here, Allow grants the specified permissions, while Deny restricts them. |
| Principal | Determines which users or services the rule applies to. For example, `*` applies to all users, and `{ "AWS": "arn:aws:iam::123456789012:user/ExampleUser" }` applies to a specific user. |
| Action | Specifies the actions the policy allows. For example, `s3:GetObject` permits retrieving (reading) objects from the bucket. |
| Resource | Specifies the ARNs and objects the policy applies to. In this case, it indicates the policy applies to all objects in the bucket: `arn:aws:s3:::bucket-name/*`. |

  • Sample Policy
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "PublicReadGetObject",
      "Effect": "Allow",
      "Principal": "*",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::example-bucket/*"
    }
  ]
}

Permissions

The table below lists all permissions that can be applied in a policy.

| Permission | Description |
|---|---|
| Full Access (`/*`) | Grants permission to perform any operation on the bucket. |
| GetObject | Grants permission to read bucket objects. |
| PutObject | Grants permission to write bucket objects. |
| DeleteObject | Grants permission to delete bucket objects. |
| ListBucket | Grants permission to list bucket contents. |
| GetBucketLocation | Grants permission to read the bucket's location. |
| PutBucketPolicy | Grants permission to write the bucket's policy. |
| GetBucketPolicy | Grants permission to read the bucket's policy. |
| DeleteBucketPolicy | Grants permission to delete the bucket's policy. |
| GetObjectAcl | Grants permission to read the ACL of bucket objects. |
| PutObjectAcl | Grants permission to modify the ACL of bucket objects. |
| GetBucketAcl | Grants permission to read the bucket's ACL. |
| PutBucketAcl | Grants permission to modify the bucket's ACL. |
| ListAllMyBuckets | Grants permission to list all user buckets. |
| CreateBucket | Grants permission to create a new bucket. |
| DeleteBucket | Grants permission to delete a bucket. |
| GetBucketLogging | Grants permission to read bucket logging settings. |
| PutBucketLogging | Grants permission to modify bucket logging settings. |
| PutLifecycleConfiguration | Grants permission to modify bucket lifecycle settings. |
| GetLifecycleConfiguration | Grants permission to read bucket lifecycle settings. |
| GetBucketVersioning | Grants permission to read the bucket's versioning status. |
| PutBucketVersioning | Grants permission to modify the bucket's versioning status. |
| GetObjectVersion | Grants permission to read versioned bucket objects. |
| DeleteObjectVersion | Grants permission to delete versioned bucket objects. |
| RestoreObject | Grants permission to restore versioned bucket objects. |
| GetBucketTagging | Grants permission to read bucket tags. |
| PutBucketTagging | Grants permission to modify bucket tags. |
| DeleteBucketTagging | Grants permission to delete bucket tags. |
| GetObjectTagging | Grants permission to read tags of bucket objects. |
| PutObjectTagging | Grants permission to modify tags of bucket objects. |
| DeleteObjectTagging | Grants permission to delete tags of bucket objects. |
| GetBucketNotificationConfiguration | Grants permission to read bucket notification settings. |
| PutBucketNotificationConfiguration | Grants permission to modify bucket notification settings. |
| GetBucketPolicyStatus | Grants permission to read the bucket policy status. |
| GetBucketCors | Grants permission to read bucket CORS settings. |
| PutBucketCors | Grants permission to modify bucket CORS settings. |
| DeleteBucketCors | Grants permission to delete bucket CORS settings. |
| GetBucketRequestPayment | Grants permission to read bucket request payment settings. |
| PutBucketRequestPayment | Grants permission to modify bucket request payment settings. |
| GetBucketWebsite | Grants permission to read bucket website settings. |
| PutBucketWebsite | Grants permission to modify bucket website settings. |
| DeleteBucketWebsite | Grants permission to delete bucket website settings. |
| GetBucketEncryption | Grants permission to read bucket encryption settings. |
| PutBucketEncryption | Grants permission to modify bucket encryption settings. |
| PutBucketOwnershipControls | Grants permission to modify bucket ownership controls. |
| GetBucketOwnershipControls | Grants permission to read bucket ownership controls. |
| GetBucketLifecycle | Grants permission to read bucket lifecycle settings. |
| PutBucketLifecycle | Grants permission to modify bucket lifecycle settings. |
| DeleteBucketLifecycle | Grants permission to delete bucket lifecycle settings. |
| AbortMultipartUpload | Grants permission to abort multipart uploads in the bucket. |

Editing Policy

You can use the Policy Editor to modify policies. For example, add "s3:ListBucket" to Action and "arn:aws:s3:::testco-b2" to Resource (these changes grant the user permission to list contents and read bucket objects), then click Save. You can apply other required changes in the same manner.
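
An added example, not part of the original documentation: a Python check that audits a bucket policy for the two points the sample policy and the edit above turn on, an Allow statement open to every principal and an action whose matching ARN form (bucket or `bucket/*`) is missing from Resource. The action groupings, the finding labels and the `INCOMPLETE_EDIT` sample are assumptions constructed for illustration.

```python
import json

# Constructed input: the page's sample policy with s3:ListBucket added to Action
# but Resource left as the object ARN only, so the listing grant has no bucket ARN.
INCOMPLETE_EDIT = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "PublicReadGetObject", "Effect": "Allow", "Principal": "*",
        "Action": ["s3:GetObject", "s3:ListBucket"],
        "Resource": ["arn:aws:s3:::testco-b2/*"],
    }],
})

# Subsets of the permission table, grouped by the ARN form they act on (assumption:
# the service follows the S3 pairing used in the page's own editing example).
BUCKET_ACTIONS = {"s3:ListBucket", "s3:GetBucketLocation"}
OBJECT_ACTIONS = {"s3:GetObject", "s3:PutObject", "s3:DeleteObject"}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _is_public(principal):
    """True when the principal is "*" or a map whose values include "*"."""
    if isinstance(principal, dict):
        return any("*" in _as_list(v) for v in principal.values())
    return principal == "*"

def audit_policy(policy_json):
    """Return (sid, issue, detail) findings for a bucket policy document."""
    findings = []
    for i, stmt in enumerate(_as_list(json.loads(policy_json).get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", f"statement[{i}]")
        actions = _as_list(stmt.get("Action", []))
        # The part after ":::" is either "bucket" or "bucket/key-pattern".
        paths = [r.split(":::", 1)[-1] for r in _as_list(stmt.get("Resource", []))]
        has_bucket_arn = any("/" not in p for p in paths)
        has_object_arn = any("/" in p or p == "*" for p in paths)
        if _is_public(stmt.get("Principal")):
            findings.append((sid, "public-allow", ",".join(actions)))
        for action in actions:
            if action in BUCKET_ACTIONS and not has_bucket_arn:
                findings.append((sid, "needs-bucket-arn", action))
            if action in OBJECT_ACTIONS and not has_object_arn:
                findings.append((sid, "needs-object-arn", action))
    return findings

if __name__ == "__main__":
    for finding in audit_policy(INCOMPLETE_EDIT):
        print(finding)
```

Running it on a policy before clicking Save shows whether a grant is open to all users and whether each action has a resource it can actually apply to.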