Full List of Supported S3-Compatible IAM Actions
This page lists all s3:-prefixed IAM actions supported by Tigris for use in
IAM policies.
Tigris is S3-compatible and supports a rich subset of the AWS S3 IAM action
model. These actions can be used within the Action field of your IAM policy
statements.
You can:
- Use exact action names (e.g.
s3:PutObject) - Use wildcards (e.g.
s3:Get*ors3:*) - Mix with conditions and resource ARNs for fine-grained access control
📋 Action Reference Table​
| IAM action | Mapped operations | Description |
|---|---|---|
| s3:AbortMultipartUpload | AbortMultipartUpload | Grants permission to abort a multipart upload |
| s3:PutBucket | CreateBucket | Grants permission to create a new bucket |
| s3:CreateBucket | CreateBucket | Grants permission to create a new bucket |
| s3:NewMultipartUpload | NewMultipartUpload | Initiate a new multipart upload. |
| s3:CompleteMultipartUpload | CompleteMultipartUpload | Complete a multipart upload by assembling previously uploaded parts. |
| s3:CopyObject | CopyObject | Copy an object to a new location. |
| s3:CopyObjectPart | UploadPartCopy | Upload a part by copying data from an existing object as part of a multipart upload. |
| s3:DeleteBucket | DeleteBucket | Grants permission to delete the bucket named in the URI |
| s3:DeleteBucketCors | DeleteBucketCors | Remove the CORS configuration from a bucket. |
| s3:DeleteBucketPolicy | DeleteBucketPolicy | Grants permission to delete the policy on a specified bucket |
| s3:DeleteBucketOwnershipControls | DeleteBucketOwnershipControls | Remove ownership controls from a bucket. |
| s3:DeleteBucketTagging | DeleteBucketTagging | Remove all tags from a bucket. |
| s3:DeleteMultipleObjects | DeleteMultipleObjects | Delete multiple objects from a bucket in a single request. |
| s3:DeleteObject | DeleteObject, DeleteMultipleObjects | Grants permission to remove the null version of an object and insert a delete marker, which becomes the current version of the object |
| s3:DeleteBucketLifecycleConfiguration | DeleteBucketLifecycleConfiguration | Remove the lifecycle configuration from a bucket. |
| s3:DeleteObjectTagging | DeleteObjectTagging | Grants permission to use the tagging subresource to remove the entire tag set from the specified object |
| s3:GetAccelerateConfiguration | GetBucketAccelerateConfiguration | Grants permission to uses the accelerate subresource to return the Transfer Acceleration state of a bucket, which is either Enabled or Suspended |
| s3:GetBucketAccelerateConfiguration | GetBucketAccelerateConfiguration | Grants permission to uses the accelerate subresource to return the Transfer Acceleration state of a bucket, which is either Enabled or Suspended |
| s3:OpGetBucketAccelerateConfiguration | GetBucketAccelerateConfiguration | Grants permission to uses the accelerate subresource to return the Transfer Acceleration state of a bucket, which is either Enabled or Suspended |
| s3:GetBucketACL | GetBucketACL | Grants permission to use the acl subresource to return the access control list (ACL) of bucket |
| s3:GetBucketAcl | GetBucketACL | Grants permission to use the acl subresource to return the access control list (ACL) of bucket |
| s3:GetBucketCORS | GetBucketCors | Grants permission to return the CORS configuration information set for bucket |
| s3:GetBucketCors | GetBucketCors | Grants permission to return the CORS configuration information set for bucket |
| s3:GetBucketLifecycleConfiguration | GetBucketLifecycleConfiguration | Get the lifecycle configuration of a bucket. |
| s3:GetBucketLocation | GetBucketLocation | Grants permission to return the Region that a bucket resides in |
| s3:GetBucketOwnershipControls | GetBucketOwnershipControls | Grants permission to retrieve ownership controls on a bucket |
| s3:OpGetBucketOwnershipControls | GetBucketOwnershipControls | Grants permission to retrieve ownership controls on a bucket |
| s3:GetBucketPolicy | GetBucketPolicy | Grants permission to return the policy of the specified bucket |
| s3:GetBucketPolicyStatus | GetBucketPolicyStatus | Grants permission to retrieve the policy status for a specific bucket, which indicates whether the bucket is public |
| s3:GetBucketRequestPayment | GetBucketRequestPayment | Grants permission to return the request payment configuration for a bucket |
| s3:GetBucketTagging | GetBucketTagging | Grants permission to return the tag set associated with a bucket |
| s3:GetBucketVersioning | GetBucketVersioning | Grants permission to return the versioning state of a bucket |
| s3:GetLifecycleConfiguration | GetBucketLifecycleConfiguration | Grants permission to return the lifecycle configuration information set on a bucket |
| s3:GetObject | GetObject, HeadObject | Grants permission to retrieve objects |
| s3:GetObjectAcl | GetObjectACL | Grants permission to return the access control list (ACL) of an object |
| s3:GetObjectACL | GetObjectACL | Grants permission to return the access control list (ACL) of an object |
| s3:GetObjectTagging | GetObjectTagging | Grants permission to return the tag set of an object |
| s3:HeadBucket | HeadBucket | Retrieve metadata from a bucket without returning the bucket itself. |
| s3:HeadObject | HeadObject | Retrieve metadata from an object without returning the object itself. |
| s3:ListAllMyBuckets | ListBuckets | Grants permission to list all buckets owned by the authenticated sender of the request |
| s3:ListBucket | ListObjectsV1, ListObjectsV2, HeadBucket | Grants permission to list some or all of the objects in a bucket. |
| s3:ListObjectParts | ListObjectParts | List the parts that have been uploaded for a specific multipart upload. |
| s3:ListBuckets | ListBuckets | Grants permission to list all buckets owned by the authenticated sender of the request |
| s3:ListBucketMultipartUploads | ListMultipartUploads | Grants permission to list in-progress multipart uploads |
| s3:ListMultipartUploadParts | ListObjectParts | List the parts that have been uploaded for a specific multipart upload. |
| s3:ListObjects | ListObjectsV1 | List objects in a bucket (version 1). |
| s3:ListObjectsV1 | ListObjectsV1 | List objects in a bucket (version 1). |
| s3:ListObjectsV2 | ListObjectsV2 | List objects in a bucket (version 2). |
| s3:ListMultipartUploads | ListMultipartUploads | Grants permission to list in-progress multipart uploads |
| s3:PostPolicy | PostPolicy | Add a policy to a bucket using a POST request. |
| s3:PutAccelerateConfiguration | PutBucketAccelerateConfiguration | Grants permission to use the accelerate subresource to set the Transfer Acceleration state of an existing bucket |
| s3:PutBucketAccelerateConfiguration | PutBucketAccelerateConfiguration | Grants permission to use the accelerate subresource to set the Transfer Acceleration state of an existing bucket |
| s3:PutBucketAcl | PutBucketACL | Grants permission to set the permissions on an existing bucket using access control lists (ACLs) |
| s3:PutBucketACL | PutBucketACL | Grants permission to set the permissions on an existing bucket using access control lists (ACLs) |
| s3:PutBucketCORS | PutBucketCors, DeleteBucketCors | Set or remove the CORS configuration of a bucket. |
| s3:PutBucketCORS | PutBucketCors | Grants permission to set the CORS configuration for a bucket |
| s3:PutBucketLifecycleConfiguration | PutBucketLifecycleConfiguration | Set the lifecycle configuration of a bucket. |
| s3:PutLifecycleConfiguration | PutBucketLifecycleConfiguration, DeleteBucketLifecycleConfiguration | Grants permission to create a new lifecycle configuration for the bucket or replace an existing lifecycle configuration |
| s3:PutBucketOwnershipControls | PutBucketOwnershipControls, DeleteBucketOwnershipControls | Grants permission to add, replace or delete ownership controls on a bucket |
| s3:PutBucketPolicy | PutBucketPolicy | Grants permission to add or replace a bucket policy on a bucket |
| s3:PutBucketTagging | PutBucketTagging, DeleteBucketTagging | Grants permission to add a set of tags to an existing bucket |
| s3:PutObject | PutObject, CopyObject, UploadPart, NewMultipartUpload, CompleteMultipartUpload | Grants permission to add an object to a bucket |
| s3:PutObjectAcl | PutObjectAcl | Grants permission to set the access control list (ACL) permissions for new or existing objects in a bucket |
| s3:PutObjectACL | PutObjectAcl | Grants permission to set the access control list (ACL) permissions for new or existing objects in a bucket |
| s3:PutObjectLegalHold | PutObjectLegalHold | Grants permission to apply a Legal Hold configuration to the specified object |
| s3:PutObjectLockConfiguration | PutObjectLockConfiguration | Set the object lock configuration of a bucket. |
| s3:PutObjectRetention | PutObjectRetention | Grants permission to place an Object Retention configuration on an object |
| s3:PutObjectTagging | PutObjectTagging | Grants permission to set the supplied tag-set to an object that already exists in a bucket |
| s3:RestoreObject | RestoreObject | Grants permission to restore an archived copy of an object |
| s3:UploadObjectPart | UploadPart | Upload a part in a multipart upload. |
| s3:UploadPart | UploadPart | Upload a part in a multipart upload. |
| s3:UploadPartCopy | UploadPartCopy | Upload a part by copying data from an existing object as part of a multipart upload. |
✅ This list reflects actions that are actively enforced and validated by Tigris. Using unsupported actions will result in an error during policy creation.