Managing bucket policies for directory buckets
You can add, delete, update, and view bucket policies for Amazon S3 directory buckets by using the Amazon S3 console and the AWS SDKs. For more information, see the following topics. For more information about supported AWS Identity and Access Management (IAM) actions and condition keys for S3 Express One Zone, see AWS Identity and Access Management (IAM) for S3 Express One Zone. For example bucket policies for directory buckets, see Example directory bucket policies for S3 Express One Zone.
Adding a bucket policy
To add a bucket policy to a directory bucket, you can use the Amazon S3 console, the AWS SDKs, or the AWS CLI.
To create or edit a bucket policy
Sign in to the AWS Management Console and open the Amazon S3 console at https://console.aws.amazon.com/s3/
. -
In the left navigation pane, choose Buckets.
Choose the Directory buckets tab.
-
In the Directory buckets list, choose the name of the bucket that you want to upload your folders or files to.
-
Choose the Permissions tab.
-
Under Bucket policy, choose Edit. The Edit bucket policy page appears.
-
To generate a policy automatically, choose Policy generator.
If you choose Policy generator, the AWS Policy Generator opens in a new window.
If you don't want to use the AWS Policy Generator, you can add or edit JSON statements in the Policy section.
-
On the AWS Policy Generator page, for Select Type of Policy, choose S3 Bucket Policy.
-
Add a statement by entering the information in the provided fields, and then choose Add Statement. Repeat this step for as many statements as you want to add. For more information about these fields, see the IAM JSON policy elements reference in the IAM User Guide.
Note
For your convenience, the Edit bucket policy page displays the Bucket ARN (Amazon Resource Name) of the current bucket above the Policy text field. You can copy this ARN for use in the statements on the AWS Policy Generator page.
-
After you finish adding statements, choose Generate Policy.
-
Copy the generated policy text, choose Close, and return to the Edit bucket policy page in the Amazon S3 console.
-
-
In the Policy box, edit the existing policy or paste the bucket policy from the AWS Policy Generator. Make sure to resolve security warnings, errors, general warnings, and suggestions before you save your policy.
Note
Bucket policies are limited to 20 KB in size.
-
Choose Save changes, which returns you to the Permissions tab.
This example shows how to add a bucket policy to a directory bucket by using the AWS CLI. To use the command replace the user input placeholders with your own information.
aws s3api put-bucket-policy --bucketbucket-base-name--azid--x-s3 --policy file://bucket_policy.json
bucket_policy.json:
{ "Version": "2012-10-17", "Statement": [ { "Sid": "AdminPolicy", "Effect": "Allow", "Principal": { "AWS": "111122223333" }, "Action": "s3express*", "Resource": "arn:aws:s3express:us-west-2:111122223333:bucket/bucket-name--usw2-az1--x-s3" } ] }
For more information, see put-bucket-policy
Viewing a bucket policy
To view a bucket policy for a directory bucket, use the following examples.
This example shows how to view the bucket policy attached to a
directory bucket by using the AWS CLI. To use the command replace the user input placeholders with your own information.
aws s3api get-bucket-policy --bucketbucket-base-name--azid--x-s3
For more information, see get-bucket-policy
Deleting a bucket policy
To delete a bucket policy for a directory bucket, use the following examples.
This example shows how to delete a bucket policy for a directory bucket by using the AWS CLI. To use the command replace the user input placeholders with your own information.
aws s3api delete-bucket-policy --bucketbucket-base-name--azid--x-s3
For more information, see delete-bucket-policy
