Hello.
"s3:ListBucket" is required to retrieve a list of objects from an S3 bucket.
"s3:ListBucket" is not necessary when only writing.
https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazons3.html
In Amazon S3, a bucket is a container of objects. Therefore, you can specify some settings at bucket level but, when reading and writing data, you are actually reading and writing objects. Therefore, in order to read and write objects you need to have the right permissions to read or write these objects: https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-policy-language-overview.html
Regarding s3:ListBucket, it is for listing the objects within a bucket. If you just want to access or write a specific object and you know the name of the object, you do not need to have those permissions. However, if you need to know (list) the objects within the bucket to identify the one(s) you want to access, you need permissions for s3:ListBucket.
If you know the object name in the bucket, is it still required to list the bucket objects in order to read and write?
If you know the object name in the bucket, you can download it even without "s3:ListBucket".
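The split described in the answers above, written as an identity policy. This is an added example, not part of the original thread: the bucket name `amzn-s3-demo-bucket` and the `reports/` prefix are placeholders, and the `Sid` values are labels chosen here. The object actions attach to the object ARN (`bucket/key`), while `s3:ListBucket` attaches to the bucket ARN itself and is only needed when keys have to be discovered.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ReadWriteObjectsByKnownKey",
      "Effect": "Allow",
      "Action": ["s3:GetObject", "s3:PutObject"],
      "Resource": "arn:aws:s3:::amzn-s3-demo-bucket/reports/*"
    },
    {
      "Sid": "OptionalListOnlyWhenKeysMustBeDiscovered",
      "Effect": "Allow",
      "Action": "s3:ListBucket",
      "Resource": "arn:aws:s3:::amzn-s3-demo-bucket",
      "Condition": {
        "StringLike": { "s3:prefix": ["reports/*"] }
      }
    }
  ]
}
```

With the second statement removed, reads and writes by known key still succeed, but a `GetObject` request for a key that does not exist returns 403 Access Denied instead of 404, because S3 will not confirm the key's absence to a caller that cannot list the bucket.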