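The S3 API is hard to follow because the same operation goes by different names in the raw API, in the AWS CLI's s3api commands, and in the actions used to control access in an IAM Policy. So I made a table. It still feels incomplete or inaccurate, so I would appreciate a comment if you notice anything.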

| target | S3 API | AWS CLI | IAM Policy |
| --- | --- | --- | --- |
| service | GET Service | list-buckets | s3:ListAllMyBuckets |
| bucket | DELETE Bucket | delete-bucket | s3:DeleteBucket |
| bucket | DELETE Bucket analytics | delete-bucket-analytics-configuration | s3:PutAnalyticsConfiguration |
| bucket | DELETE Bucket cors | delete-bucket-cors | |
| bucket | DELETE Bucket inventory | delete-bucket-inventory-configuration | s3:PutInventoryConfiguration |
| bucket | DELETE Bucket lifecycle | delete-bucket-lifecycle | |
| bucket | DELETE Bucket metrics | delete-bucket-metrics-configuration | s3:PutMetricsConfiguration |
| bucket | DELETE Bucket policy | delete-bucket-policy | s3:DeleteBucketPolicy |
| bucket | DELETE Bucket replication | delete-bucket-replication | s3:DeleteReplicationConfiguration |
| bucket | DELETE Bucket tagging | delete-bucket-tagging | s3:PutBucketTagging |
| bucket | DELETE Bucket website | delete-bucket-website | s3:DeleteBucketWebsite |
| bucket | GET Bucket (List Objects) | list-objects | s3:ListBucket |
| bucket | GET Bucket (List Objects V2) | list-objects-v2 | s3:ListBucket |
| bucket | GET Bucket accelerate | get-bucket-accelerate-configuration | s3:GetAccelerateConfiguration |
| bucket | GET Bucket acl | get-bucket-acl | s3:GetBucketAcl |
| bucket | GET Bucket analytics | get-bucket-analytics-configuration | s3:GetAnalyticsConfiguration |
| bucket | GET Bucket cors | get-bucket-cors | s3:GetBucketCORS |
| bucket | GET Bucket inventory | get-bucket-inventory-configuration | s3:GetInventoryConfiguration |
| bucket | GET Bucket lifecycle (deprecated) | get-bucket-lifecycle (deprecated) | |
| bucket | GET Bucket lifecycle | get-bucket-lifecycle-configuration | s3:GetLifecycleConfiguration |
| bucket | GET Bucket location | get-bucket-location | s3:GetBucketLocation |
| bucket | GET Bucket logging | get-bucket-logging | s3:GetBucketLogging |
| bucket | GET Bucket metrics | get-bucket-metrics-configuration | s3:GetMetricsConfiguration |
| bucket | | get-bucket-notification (deprecated) | |
| bucket | GET Bucket notification | get-bucket-notification-configuration | s3:GetBucketNotification |
| bucket | GET Bucket Object versions | | |
| bucket | GET Bucket policy | get-bucket-policy | s3:GetBucketPolicy |
| bucket | GET Bucket replication | get-bucket-replication | s3:GetReplicationConfiguration |
| bucket | GET Bucket requestPayment | get-bucket-request-payment | s3:GetBucketRequestPayment |
| bucket | GET Bucket tagging | get-bucket-tagging | s3:GetBucketTagging |
| bucket | GET Bucket versioning | get-bucket-versioning | s3:GetBucketVersioning |
| bucket | GET Bucket website | get-bucket-website | s3:GetBucketWebsite |
| bucket | HEAD Bucket | head-bucket | s3:ListBucket |
| bucket | List Bucket Analytics Configurations | list-bucket-analytics-configurations | s3:GetAnalyticsConfiguration |
| bucket | List Bucket Inventory Configurations | list-bucket-inventory-configurations | s3:GetInventoryConfiguration |
| bucket | List Bucket Metrics Configurations | list-bucket-metrics-configurations | s3:GetMetricsConfiguration |
| bucket | List Multipart Uploads | list-multipart-uploads | s3:ListBucketMultipartUploads |
| bucket | PUT Bucket | create-bucket | s3:CreateBucket |
| bucket | PUT Bucket accelerate | put-bucket-accelerate-configuration | s3:PutAccelerateConfiguration |
| bucket | PUT Bucket acl | put-bucket-acl | s3:PutBucketAcl |
| bucket | PUT Bucket analytics | put-bucket-analytics-configuration | s3:PutAnalyticsConfiguration |
| bucket | PUT Bucket cors | put-bucket-cors | s3:PutBucketCORS |
| bucket | PUT Bucket inventory | put-bucket-inventory-configuration | s3:PutInventoryConfiguration |
| bucket | PUT Bucket lifecycle (deprecated) | put-bucket-lifecycle (deprecated) | |
| bucket | PUT Bucket lifecycle | put-bucket-lifecycle-configuration | s3:PutLifecycleConfiguration |
| bucket | PUT Bucket logging | put-bucket-logging | s3:PutBucketLogging |
| bucket | PUT Bucket metrics | put-bucket-metrics-configuration | s3:PutMetricsConfiguration |
| bucket | | put-bucket-notification | |
| bucket | PUT Bucket notification | put-bucket-notification-configuration | s3:PutBucketNotification |
| bucket | PUT Bucket policy | put-bucket-policy | s3:PutBucketPolicy |
| bucket | PUT Bucket replication | put-bucket-replication | s3:PutReplicationConfiguration |
| bucket | PUT Bucket requestPayment | put-bucket-request-payment | s3:PutBucketRequestPayment |
| bucket | PUT Bucket tagging | put-bucket-tagging | s3:PutBucketTagging |
| bucket | PUT Bucket versioning | put-bucket-versioning | s3:PutBucketVersioning |
| bucket | PUT Bucket website | put-bucket-website | s3:PutBucketWebsite |
| object | Delete Multiple Objects | delete-objects | (s3:DeleteObject) |
| object | DELETE Object | delete-object | s3:DeleteObject |
| object | (DELETE Object) | (delete-object, delete-objects) | s3:DeleteObjectVersion |
| object | DELETE Object tagging | delete-object-tagging | (s3:DeleteObject) |
| object | GET Object | get-object | s3:GetObject |
| object | (GET Object) | (get-object) | s3:GetObjectVersion |
| object | GET Object ACL | get-object-acl | s3:GetObjectAcl |
| object | GET Object ACL (Versioning) | (get-object-acl) | s3:GetObjectVersionAcl |
| object | GET Object tagging | get-object-tagging | s3:GetObjectTagging |
| object | (GET Object tagging) | (get-object-tagging) | s3:GetObjectVersionTagging |
| object | GET Object torrent | get-object-torrent | s3:GetObjectTorrent |
| object | (GET Object torrent) | (get-object-torrent) | s3:GetObjectVersionTorrent |
| object | HEAD Object | head-object | s3:GetObject |
| object | HEAD Object (Versioning) | head-object | s3:GetObject |
| object | OPTIONS object | | |
| object | POST Object restore | restore-object | s3:RestoreObject |
| object | PUT Object | put-object | s3:PutObject |
| object | (PUT Object) | put-object-tagging | s3:PutObjectTagging |
| object | (PUT Object) | (put-object-tagging) | s3:PutObjectVersionTagging |
| object | PUT Object (Versioning) | put-object | s3:PutObject |
| object | PUT Object – Copy | copy-object | s3:PutObject |
| object | PUT Object – Copy (Versioning) | copy-object | s3:PutObject |
| object | PUT Object acl | put-object-acl | s3:PutObjectAcl |
| object | (PUT Object acl) | (put-object-acl) | s3:PutObjectVersionAcl |
| object | Abort Multipart Upload | abort-multipart-upload | s3:AbortMultipartUpload |
| object | Complete Multipart Upload | complete-multipart-upload | s3:PutObject |
| object | Initiate Multipart Upload | create-multipart-upload | s3:PutObject |
| object | List Parts | | s3:ListMultipartUploadParts |
| object | Upload Part | upload-part | s3:PutObject |
| object | Upload Part – Copy | upload-part-copy | s3:PutObject |
| bucket | | | s3:ReplicateDelete |
| bucket | | | s3:ReplicateObject |

The original article is here:

Mapping table of the Amazon S3 API, AWS CLI, and IAM Policy