Relationship Between Bucket ACLs and Bucket Policies

Mapping Between Bucket ACLs and Bucket Policies

Bucket ACLs control read and write permissions on buckets. Custom bucket policies can control more actions on buckets. Bucket ACLs supplement bucket policies, but bucket policies are usually used in their place. Table 1 shows the mapping between bucket ACL permissions and actions in a custom bucket policy.

Table 1 Mapping between bucket ACLs and bucket policies

| ACL Permission | Option | Mapped Action in a Custom Bucket Policy |
| --- | --- | --- |
| Access to bucket | Read | HeadBucket, ListBucket, ListBucketVersions, ListBucketMultipartUploads |
| Access to bucket | Write | PutObject, DeleteObject, DeleteObjectVersion |
| Access to ACL | Read | GetBucketAcl |
| Access to ACL | Write | PutBucketAcl |

Mapping Between Object ACLs and Bucket Policies

Object ACLs are used to control basic read and write access to objects. The custom settings of bucket policies allow you to specify more actions that can be performed on objects. Table 2 describes the mapping between object ACL access permissions and bucket policy actions.

Table 2 Mapping between object ACLs and bucket policies

| Object ACL Permission | Option | Mapped Action in a Custom Bucket Policy |
| --- | --- | --- |
| Access to object | Read | GetObject, GetObjectVersion |
| Access to ACL | Read | GetObjectAcl, GetObjectVersionAcl |
| Access to ACL | Write | PutObjectAcl, PutObjectVersionAcl |
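
The following Python code is an added example, not part of the original page or of the service's own tooling. It uses the mappings from Table 1 and Table 2 to report which ACL permissions a list of policy actions covers fully, partially, or not at all, which is the check to run before replacing ACLs with a custom bucket policy. The function name, the report layout and the `SomeOtherAction` sample value are assumptions, and wildcard actions are not handled.

```python
# Mapping copied from Table 1 (bucket ACLs) and Table 2 (object ACLs).
# Key: (ACL type, ACL permission, option) -> set of bucket policy actions.
ACL_TO_ACTIONS = {
    ("bucket", "Access to bucket", "Read"): {
        "HeadBucket", "ListBucket", "ListBucketVersions",
        "ListBucketMultipartUploads"},
    ("bucket", "Access to bucket", "Write"): {
        "PutObject", "DeleteObject", "DeleteObjectVersion"},
    ("bucket", "Access to ACL", "Read"): {"GetBucketAcl"},
    ("bucket", "Access to ACL", "Write"): {"PutBucketAcl"},
    ("object", "Access to object", "Read"): {"GetObject", "GetObjectVersion"},
    ("object", "Access to ACL", "Read"): {
        "GetObjectAcl", "GetObjectVersionAcl"},
    ("object", "Access to ACL", "Write"): {
        "PutObjectAcl", "PutObjectVersionAcl"},
}


def acl_coverage(policy_actions):
    """Compare a policy's allowed actions with the ACL permissions above.

    Returns (report, extra):
      report maps each ACL key to (status, missing_actions), where status is
        "full", "partial" or "none";
      extra lists granted actions that no ACL permission in the tables maps to.
    """
    granted = set(policy_actions)
    report = {}
    for key, needed in ACL_TO_ACTIONS.items():
        have = needed & granted
        if have == needed:
            status = "full"
        elif have:
            status = "partial"  # policy does not fully replace this ACL grant
        else:
            status = "none"
        report[key] = (status, sorted(needed - granted))
    mapped = set().union(*ACL_TO_ACTIONS.values())
    return report, sorted(granted - mapped)


if __name__ == "__main__":
    # Constructed sample input; "SomeOtherAction" is a placeholder name.
    sample = ["HeadBucket", "ListBucket", "PutBucketAcl", "SomeOtherAction"]
    report, extra = acl_coverage(sample)
    for key, (status, missing) in report.items():
        print(key, status, missing)
    print("actions beyond ACL scope:", extra)
```

A "full" result for an `Access to ACL` / `Write` row deserves attention in review, because a principal holding that action can change who else has access.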