Permissions required for aws cp vs aws sync commands when the IAM user and S3 Bucket is in the same AWS Account.


I want to copy objects into my S3 bucket. What permissions do I need to give my IAM user ( same account) to perform copy using 1. aws s3 cp command ? 2. aws s3 sync command?

2 Antworten
Akzeptierte Antwort

To run aws s3 cp, you need to allow s3:GetObject and s3:PutObject for your IAM User. To run the command aws s3 cp with the --recursive option( if you are copying multiple objects at once), you need permission to s3:GetObject, s3:PutObject, and s3:ListBucket. To run the command aws s3 sync, then you need permission to s3:GetObject, s3:PutObject, and s3:ListBucket. You may need additional permissions for performing copy on versioned objects or to copy those objects with tags. To copy a specific version of an object, you need the permission for s3:GetObjectVersion in addition to s3:GetObject. For copying objects that have object tags, your IAM identity must have s3:GetObjectTagging ( on the source object)and s3:PutObjectTagging permissions ( on the destination bucket)

beantwortet vor 2 Jahren
profile picture
überprüft vor 14 Tagen


You need additional permissions for sync

When you run the aws s3 sync command, Amazon S3 issues the following API calls: ListObjectsV2, CopyObject, GetObject, and PutObject. Also, sync can delete objects as well, so you might need DeleteObject if you use the --delete option

profile pictureAWS
beantwortet vor 2 Jahren

Du bist nicht angemeldet. Anmelden um eine Antwort zu veröffentlichen.

Eine gute Antwort beantwortet die Frage klar, gibt konstruktives Feedback und fördert die berufliche Weiterentwicklung des Fragenstellers.

Richtlinien für die Beantwortung von Fragen