IAM for S3 Resources

Bucket Name and Object Key Specified

  • The following ARN identifies the /developers/design_info.doc object in the examplebucket bucket.

    • arn:aws:s3:::examplebucket/developers/design_info.doc

Wildcards

  • You can use wildcards as part of the resource ARN.

  • You can use wildcard characters (* and ?) within any ARN segment (the parts separated by colons).

Examples of Wildcards

  • The following ARN uses the wildcard * in the relative-ID part of the ARN to identify all objects in the examplebucket bucket.

    • arn:aws:s3:::examplebucket/*

  • The following ARN uses * to indicate all S3 resources (all S3 buckets and objects in your account).

    • arn:aws:s3:::*

  • The following ARN uses both wildcards, * and ?, in the relative-ID part. It identifies all objects in buckets such as example1bucket, example2bucket, example3bucket, and so on.

    • arn:aws:s3:::example?bucket/*

PreviousIAM ConditionsNextIAM Permission Boundaries

Last updated