To access objects in an Amazon S3 bucket, the IAM principal making the request (a user or a role) needs S3 permissions matching what it has to do. The policy statements below are grouped by access level; each one belongs inside the "Statement" array of a policy document. The recurring detail to get right is that some S3 actions are bucket-level (s3:ListBucket, s3:GetBucketLocation) and are evaluated against the bucket ARN, while others are object-level (s3:GetObject, s3:PutObject, s3:DeleteObject) and are evaluated against object ARNs ending in /*.

1. Read-Only Access (List and Read Files)
If you only need to list objects and download them:
{
  "Effect": "Allow",
  "Action": [
    "s3:GetObject",
    "s3:ListBucket"
  ],
  "Resource": [
    "arn:aws:s3:::your-bucket-name",
    "arn:aws:s3:::your-bucket-name/*"
  ]
}
s3:ListBucket → Allows listing the objects in the bucket. It is a bucket-level action, so it is evaluated against the bucket ARN (arn:aws:s3:::your-bucket-name).
s3:GetObject → Allows reading (downloading) objects. It is an object-level action, so it is evaluated against object ARNs (arn:aws:s3:::your-bucket-name/*).
Both resources are needed: s3:ListBucket granted only on .../* or s3:GetObject granted only on the bare bucket ARN silently grants nothing for that action.
2. Write Access (Upload Files)
If you also need to upload objects, add s3:PutObject (the "Effect" is still "Allow"; an explicit "Deny" would block the action and override any Allow that applies):
{
  "Effect": "Allow",
  "Action": [
    "s3:PutObject"
  ],
  "Resource": "arn:aws:s3:::your-bucket-name/*"
}
s3:PutObject → Allows writing (uploading) objects, including overwriting an existing object with the same key. On its own it grants neither listing nor reading, so combine it with the read-only statement above when those are needed too.
3. Full Access (Read, Write, Delete)
If you need full object access, including deleting objects:
{
  "Effect": "Allow",
  "Action": [
    "s3:ListBucket",
    "s3:GetObject",
    "s3:PutObject",
    "s3:DeleteObject"
  ],
  "Resource": [
    "arn:aws:s3:::your-bucket-name",
    "arn:aws:s3:::your-bucket-name/*"
  ]
}
s3:DeleteObject → Allows deleting objects. This is the destructive one, so grant it only where deletion is actually part of the job. In a versioned bucket it only creates a delete marker; permanently removing a specific version additionally requires s3:DeleteObjectVersion.
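A mistake that the three statements above are designed to avoid is pairing an action with the wrong kind of ARN (for example s3:ListBucket on your-bucket-name/* only), which IAM accepts without complaint but which grants nothing. The following is an added example, not code from the original post: a small offline check that classifies each resource ARN as bucket- or object-level and flags actions that have no resource of the kind they need. The action sets are an assumption limited to the actions this post discusses, and the sample statements are constructed from the post's placeholders.

```python
# Added example (not part of the original post): check that each S3 action in a
# policy statement is paired with the right kind of resource ARN.
# Bucket-level actions only take effect on "arn:aws:s3:::bucket"; object-level
# actions only take effect on "arn:aws:s3:::bucket/key-or-wildcard".
# Assumption: the action sets cover only the actions this post uses.
BUCKET_ACTIONS = {"s3:ListBucket", "s3:GetBucketLocation"}
OBJECT_ACTIONS = {"s3:GetObject", "s3:PutObject", "s3:DeleteObject"}

S3_ARN_PREFIX = "arn:aws:s3:::"


def _as_list(value):
    """IAM allows a single string (or a single statement object) or a list."""
    return [value] if isinstance(value, (str, dict)) else list(value)


def arn_kind(arn):
    """'bucket' for a bare bucket ARN, 'object' if it has a key part, else 'other'."""
    if not arn.startswith(S3_ARN_PREFIX):
        return "other"
    return "object" if "/" in arn[len(S3_ARN_PREFIX):] else "bucket"


def check_statement(stmt):
    """Return findings for actions whose Resource list has no ARN of the required kind."""
    kinds = {arn_kind(r) for r in _as_list(stmt["Resource"])}
    findings = []
    for action in _as_list(stmt["Action"]):
        if action in BUCKET_ACTIONS and "bucket" not in kinds:
            findings.append(f"{action} is bucket-level and needs arn:aws:s3:::<bucket>, "
                            "not an object ARN")
        elif action in OBJECT_ACTIONS and "object" not in kinds:
            findings.append(f"{action} is object-level and needs arn:aws:s3:::<bucket>/*, "
                            "not the bare bucket ARN")
    return findings


def check_policy(policy):
    """Run check_statement over every Allow statement of a full policy document."""
    findings = []
    for i, stmt in enumerate(_as_list(policy["Statement"])):
        if stmt.get("Effect") == "Allow":
            findings.extend(f"Statement[{i}]: {f}" for f in check_statement(stmt))
    return findings


# Constructed samples: the post's read-only statement, and a broken variant that
# puts s3:ListBucket on the object ARN only (it would silently grant no listing).
READ_ONLY = {
    "Effect": "Allow",
    "Action": ["s3:GetObject", "s3:ListBucket"],
    "Resource": ["arn:aws:s3:::your-bucket-name", "arn:aws:s3:::your-bucket-name/*"],
}
BROKEN = {
    "Effect": "Allow",
    "Action": ["s3:GetObject", "s3:ListBucket"],
    "Resource": "arn:aws:s3:::your-bucket-name/*",
}

if __name__ == "__main__":
    policy = {"Version": "2012-10-17", "Statement": [READ_ONLY, BROKEN]}
    for line in check_policy(policy) or ["OK: every action has a resource of the right kind"]:
        print(line)
```

The check deliberately reports by action rather than by resource: a statement that lists both ARNs passes, which is exactly the shape the post uses, while a statement that only lists one ARN is flagged for whichever actions cannot apply to it.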
4. Accessing S3 Using AWS Services (Athena, Redshift, Lambda, Glue, etc.)
When another AWS service reads or writes the bucket on your behalf, these permissions go on the IAM role that service assumes (the Lambda execution role, the Glue job role, the role associated with the Redshift cluster), not on your own user. If you're using Athena or Redshift Spectrum, the role also needs s3:GetBucketLocation:
{
  "Effect": "Allow",
  "Action": [
    "s3:GetObject",
    "s3:ListBucket",
    "s3:GetBucketLocation"
  ],
  "Resource": [
    "arn:aws:s3:::your-bucket-name",
    "arn:aws:s3:::your-bucket-name/*"
  ]
}
s3:GetBucketLocation → Lets the service look up the Region the bucket lives in so it can address it correctly. Athena additionally writes its output to the configured query result location, so that bucket or prefix also needs s3:PutObject.
For Glue jobs, which both read source data and write results:
{
  "Effect": "Allow",
  "Action": [
    "s3:GetObject",
    "s3:ListBucket",
    "s3:PutObject"
  ],
  "Resource": [
    "arn:aws:s3:::your-bucket-name",
    "arn:aws:s3:::your-bucket-name/*"
  ]
}
5. Restricting Access to a Specific Folder
S3 has no real folders; your-folder/ is a key prefix. To allow object access only under that prefix, narrow the object ARN to it:
{
  "Effect": "Allow",
  "Action": [
    "s3:GetObject",
    "s3:PutObject"
  ],
  "Resource": "arn:aws:s3:::your-bucket-name/your-folder/*"
}
Note that this statement grants no listing at all, because s3:ListBucket is a bucket-level action and cannot be scoped with an object ARN. To let the principal list only that prefix, add a separate s3:ListBucket statement on arn:aws:s3:::your-bucket-name with a Condition on the s3:prefix key. Granting s3:ListBucket on the bucket without that condition would let the principal enumerate every key in the bucket, even though it could only read the ones under your-folder/.
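The statement above, as the post notes, covers only object access; a usable prefix-scoped policy also needs the conditioned s3:ListBucket statement. The following is an added example, not code from the original post: it assembles a complete policy document for one prefix, with s3:ListBucket on the bucket ARN narrowed by s3:prefix and the object actions on an object ARN under the prefix, and includes a simplified offline matcher (an approximation, not IAM's evaluator) to show which object keys the resulting policy covers. Bucket and prefix names are the post's placeholders; the sample keys are constructed.

```python
import fnmatch
import json

# Added example (not part of the original post): build a complete policy document
# that confines a principal to one key prefix ("folder") of a bucket, including the
# s3:ListBucket statement the post's fragment leaves out.


def prefix_scoped_policy(bucket, prefix, allow_delete=False):
    """Policy allowing listing and object access only under `prefix` in `bucket`.

    s3:ListBucket is bucket-level, so it is granted on the bucket ARN and narrowed
    with the s3:prefix condition key; without the Condition the principal could
    enumerate every key in the bucket. Object actions use an object ARN under the prefix.
    """
    prefix = prefix.strip("/") + "/"          # normalise to "your-folder/"
    object_actions = ["s3:GetObject", "s3:PutObject"]
    if allow_delete:
        object_actions.append("s3:DeleteObject")
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "ListOnlyThePrefix",
                "Effect": "Allow",
                "Action": "s3:ListBucket",
                "Resource": f"arn:aws:s3:::{bucket}",
                # Matches the prefix itself and anything beneath it.
                "Condition": {"StringLike": {"s3:prefix": [prefix, prefix + "*"]}},
            },
            {
                "Sid": "ObjectAccessUnderPrefix",
                "Effect": "Allow",
                "Action": object_actions,
                "Resource": f"arn:aws:s3:::{bucket}/{prefix}*",
            },
        ],
    }


def object_action_allowed(policy, bucket, key, action):
    """Simplified offline check, not IAM's evaluator: does some Allow statement of this
    identity policy name `action` with a Resource pattern matching the object ARN?
    It ignores Deny statements, Conditions and other policy types (bucket policies, SCPs)."""
    target = f"arn:aws:s3:::{bucket}/{key}"
    for stmt in policy["Statement"]:
        actions = stmt["Action"] if isinstance(stmt["Action"], list) else [stmt["Action"]]
        resources = stmt["Resource"] if isinstance(stmt["Resource"], list) else [stmt["Resource"]]
        if stmt["Effect"] == "Allow" and action in actions:
            # IAM's "*" matches any characters including "/", the same as fnmatch's "*".
            if any(fnmatch.fnmatchcase(target, r) for r in resources):
                return True
    return False


if __name__ == "__main__":
    policy = prefix_scoped_policy("your-bucket-name", "your-folder")
    print(json.dumps(policy, indent=2))
    # Constructed sample keys: one under the allowed prefix, one outside it.
    for key in ("your-folder/report.csv", "other-folder/report.csv"):
        allowed = object_action_allowed(policy, "your-bucket-name", key, "s3:GetObject")
        print(f"s3:GetObject {key}: {'allowed' if allowed else 'not allowed'}")
```

Two design points: the s3:prefix condition lists both "your-folder/" and "your-folder/*" so that listing the prefix itself and its contents both work, and the object statement uses "{prefix}*" rather than "{prefix}" so that keys at any depth under the prefix match while sibling prefixes such as your-folder-archive/ do not.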