Getting Information About a Bucket Policy

You can get information about a policy currently applied to a bucket.

Getting Information About a Bucket Policy using AWS CLI (s3api)

To get information about a bucket policy, use the get-bucket-policy command following this syntax:

Request sample
$ aws s3api get-bucket-policy \
    --profile YOUR_PROFILE \
    --bucket BUCKET \
    --endpoint https://oos.eu-west-2.outscale.com

This command contains the following options that you need to specify:

  • (optional) profile: The named profile you want to use, created when configuring AWS CLI. For more information, see Installing and Configuring AWS CLI.

  • bucket: The name of the bucket whose policy you want to retrieve.

  • endpoint: The endpoint corresponding to the Region you want to send the request to. For more information, see Installing and Configuring AWS CLI.

The get-bucket-policy command returns the following elements:

  • Policy: The JSON policy file as a JSON string. It contains the following elements:

    • Version: The version of the policy language.

    • Statement: The specific permissions that are granted regarding resources (bucket and objects).

      • Effect: Whether access to the resources defined in the policy are allowed or denied.

      • Principal: Which AWS accounts or users are affected by the action.

      • Action: The operations that can or cannot be performed.

      • Resource: The bucket and objects to which the permissions apply, identified by Amazon Resource Names (ARNs).

Result sample
{
   "Policy": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Effect\":\"Allow\",\"Principal\":\"*\",\"Action\":\"s3:GetObject\",\"Resource\":\"arn:aws:s3:::example-Bucket/Public/*\"},{\"Effect\":\"Deny\",\"Principal\":\"*\",\"Action\":\"s3:GetObject\",\"Resource\":\"arn:aws:s3:::example-Bucket/Private/*\"},{\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::123456789012:root\"},\"Action\":[\"s3:PutObject\",\"s3:DeleteObject\"],\"Resource\":\"arn:aws:s3:::example-bucket/Uploads/*\"}]}"
}

Related Pages

AWS™ and Amazon Web Services™ are trademarks of Amazon Technologies, Inc or its affiliates in the United States and/or other countries.

Export to PDF