Getting Information About a Bucket Policy

You can get information about a policy currently applied to a bucket.

Getting Information About a Bucket Policy using AWS CLI (s3api)

To get information about a bucket policy, use the get-bucket-policy command following this syntax:

Request sample
$ aws s3api get-bucket-policy \
    --profile YOUR_PROFILE \
    --bucket BUCKET \
    --endpoint https://oos.eu-west-2.outscale.com

This command contains the following attributes that you need to specify:

  • (optional) profile: The named profile you want to use, created when configuring AWS CLI. For more information, see Installing and Configuring AWS CLI.

  • bucket: The name of the bucket whose policy you want to retrieve.

  • endpoint: The endpoint corresponding to the Region you want to send the request to. For more information, see Installing and Configuring AWS CLI.

The get-bucket-policy command returns the following elements:

  • Policy: The content of the .json policy file.

  • Version: The version of the policy language.

  • Statement: The specific permissions that are granted regarding resources (bucket and objects).

    • Effect: Whether access to the resources defined in the policy is allowed or denied.

    • Principal: Which AWS accounts or users are affected by the action.

    • Action: The operations that can or cannot be performed.

    • Resource: The bucket and objects to which the permissions apply, identified by Amazon Resource Names (ARNs).

Result sample
{
   "Policy": {
      "Version": "2012-10-17",
      "Statement": [
         {
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::example-bucket/Public/*"
         },
         {
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::example-bucket/Private/*"
         },
         {
            "Effect": "Allow",
            "Principal": {
               "AWS": "arn:aws:iam::123456789012:root"
            },
            "Action": [
               "s3:PutObject",
               "s3:DeleteObject"
            ],
            "Resource": "arn:aws:s3:::example-bucket/Uploads/*"
         }
      ]
   }
}
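Once the policy is retrieved, the usual review question is which statements grant access to everyone. The following Python check is an added example, not part of the original documentation: it parses the get-bucket-policy output and lists every action an unconditioned Allow statement gives to "Principal": "*". The function names and the sample input (constructed from the result sample above) are assumptions; Policy is accepted both as a nested object and as a JSON-encoded string, which is how the AWS CLI prints it.

```python
import json

# Constructed sample: the result sample above, with Policy encoded as a JSON string.
SAMPLE_OUTPUT = json.dumps({"Policy": json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
         "Resource": "arn:aws:s3:::example-bucket/Public/*"},
        {"Effect": "Deny", "Principal": "*", "Action": "s3:GetObject",
         "Resource": "arn:aws:s3:::example-bucket/Private/*"},
        {"Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::123456789012:root"},
         "Action": ["s3:PutObject", "s3:DeleteObject"],
         "Resource": "arn:aws:s3:::example-bucket/Uploads/*"},
    ]})})


def as_list(value):
    """Policy fields may hold a single value or a list of values."""
    return value if isinstance(value, list) else [value]


def is_anonymous(principal):
    """True for "*" or for a principal map that contains "*" (e.g. {"AWS": "*"})."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return any("*" in as_list(v) for v in principal.values())
    return False


def public_grants(cli_output):
    """Return (action, resource) pairs that an unconditioned Allow gives to everyone."""
    policy = json.loads(cli_output)["Policy"]
    if isinstance(policy, str):  # string form: decode the embedded policy document
        policy = json.loads(policy)
    findings = []
    for stmt in as_list(policy.get("Statement", [])):
        # Deny statements and statements narrowed by a Condition are not reported here.
        if stmt.get("Effect") != "Allow" or "Condition" in stmt:
            continue
        if is_anonymous(stmt.get("Principal")):
            # A statement using NotAction/NotResource is flagged by name, not expanded.
            findings += [(a, r) for a in as_list(stmt.get("Action", "NotAction"))
                         for r in as_list(stmt.get("Resource", "NotResource"))]
    return findings


if __name__ == "__main__":
    for action, resource in public_grants(SAMPLE_OUTPUT):
        print(f"PUBLIC: {action} on {resource}")
```

Statements that carry a Condition are skipped by this check and still need a manual read, since the condition decides how broad the grant really is.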

AWS™ and Amazon Web Services™ are trademarks of Amazon Technologies, Inc or its affiliates in the United States and/or other countries.