Settings for using Amazon S3
Access permissions for buckets and objects
Grant the permissions for buckets and objects to users that upload objects to Amazon S3 or download objects from Amazon S3.
Use IAM, ACL, or bucket policy to grant the permissions shown in the table below. For details on how to grant permissions, refer to the respective documents provided by AWS.
When using the upload function, the required permissions differ according to whether "New Creation" or "Replace" is specified for Registration Mode in the Receive Management Information.

| Receive Management Information: Registration Mode | IAM (Bucket) | IAM (Object) | ACL (Bucket) | ACL (Object) | Bucket Policy (Bucket) | Bucket Policy (Object) |
|---|---|---|---|---|---|---|
| New Creation | ListBucket | PutObject | (None) | List objects | ListBucket | PutObject |
| Replace | (None) | PutObject | (None) | Write objects | (None) | PutObject |


| IAM (Bucket) | IAM (Object) | ACL (Bucket) | ACL (Object) | Bucket Policy (Bucket) | Bucket Policy (Object) |
|---|---|---|---|---|---|
| ListBucket (*1) | GetObject | (None) | Read objects | (None) | GetObject |

*1: When the object does not exist, an error occurs. Also, when ListBucket permissions are not granted to the bucket, a permissions error occurs. To prevent permissions errors, we recommend that you grant ListBucket permissions to the bucket.

To cancel the transfer, the permissions below are required in addition to the permissions above.

| IAM (Bucket) | IAM (Object) | ACL (Bucket) | ACL (Object) | Bucket Policy (Bucket) | Bucket Policy (Object) |
|---|---|---|---|---|---|
| (None) | AbortMultipartUpload | (None) | (None) | (None) | AbortMultipartUpload |

To use Amazon S3 functions, grant the permissions shown below.

| AWS Function | IAM (Bucket) | IAM (Object) | ACL (Bucket) | ACL (Object) | Bucket Policy (Bucket) | Bucket Policy (Object) |
|---|---|---|---|---|---|---|
| Modification of Access Control List (ACL) | (None) | PutObjectAcl | (None) | (None) | (None) | PutObjectAcl |
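
As an added example (not part of the original page or of the product), the Python code below turns the IAM columns of the permission tables into a policy document and audits an existing policy against them, which catches the common mistake of attaching a bucket-level action to the object ARN. The bucket name `example-bucket`, the function labels and the sample policy are assumptions made up for illustration; the `s3:` action names are the IAM forms of the permissions listed in the tables.

```python
import json
# IAM columns of the tables above as (bucket-level, object-level) actions.
# The keys are labels invented for this example, not product settings.
REQUIRED = {
    "upload_new": ({"s3:ListBucket"}, {"s3:PutObject"}),
    "upload_replace": (set(), {"s3:PutObject"}),
    "download": ({"s3:ListBucket"}, {"s3:GetObject"}),
    "cancel": (set(), {"s3:AbortMultipartUpload"}),
    "modify_acl": (set(), {"s3:PutObjectAcl"}),
}

def required_grants(bucket, functions):
    """(action, resource ARN) pairs needed by the selected functions."""
    grants = set()
    for name in functions:
        bucket_actions, object_actions = REQUIRED[name]
        grants |= {(a, f"arn:aws:s3:::{bucket}") for a in bucket_actions}
        grants |= {(a, f"arn:aws:s3:::{bucket}/*") for a in object_actions}
    return grants

def build_policy(bucket, functions):
    """IAM policy granting only those pairs, one statement per resource."""
    by_resource = {}
    for action, arn in sorted(required_grants(bucket, functions)):
        by_resource.setdefault(arn, []).append(action)
    return {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": acts, "Resource": arn}
        for arn, acts in by_resource.items()]}

def audit_policy(policy, bucket, functions):
    """Return (missing, excess) grants of an existing policy. Comparison is
    literal: wildcards such as s3:* are reported as excess, not expanded."""
    as_list = lambda v: [v] if isinstance(v, (str, dict)) else list(v)
    granted = set()
    for stmt in as_list(policy["Statement"]):
        if stmt.get("Effect") == "Allow":
            granted |= {(a, r) for a in as_list(stmt["Action"])
                        for r in as_list(stmt["Resource"])}
    needed = required_grants(bucket, functions)
    return sorted(needed - granted), sorted(granted - needed)

# Constructed sample: ListBucket is attached to the object ARN, where a
# bucket-level action does not apply, so it grants no listing.
SAMPLE = {"Version": "2012-10-17", "Statement": [{"Effect": "Allow",
    "Action": ["s3:ListBucket", "s3:PutObject"],
    "Resource": "arn:aws:s3:::example-bucket/*"}]}

if __name__ == "__main__":
    print(json.dumps(build_policy("example-bucket", ["upload_new", "cancel"]), indent=2))
    print(audit_policy(SAMPLE, "example-bucket", ["upload_new"]))
```

An empty `missing` list with a non-empty `excess` list means the transfer will work but the identity holds more than the tables require.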