s3:CreateBucket
Literal appearances in AWS managed IAM policies. Statements that use wildcards (for example s3:*) are not counted here. This is not an IAM authorization simulation.
Policies (any)
79
Allow (Action)
76
Deny (Action)
2
NotAction
3
Index generated 4/7/2026, 3:29:24 AM. 559 policies include at least one wildcard action string (any service).
Action reference
SAR-style (unofficial)Service: Amazon S3
Access level
WriteDescription
Grants permission to create a new bucket
Resource types
- bucket*
Allow (Action)
- AWSBackupServiceRolePolicyForS3Restore
- AWSCloudTrailFullAccess
- AWSCloudTrail_FullAccess
- AWSCodePipeline_FullAccess
- AWSConnector
- AWSCostAndUsageReportAutomationPolicy
- AWSDMSServerlessServiceRolePolicy
- AWSDataPipelineRole
- AWSDeepLensServiceRolePolicy
- AWSDeepRacerCloudFormationAccessPolicy
- AWSForWordPressPluginPolicy
- AWSGlueConsoleFullAccess
- AWSGlueConsoleSageMakerNotebookFullAccess
- AWSGlueServiceRole
- AWSIoTDeviceTesterForFreeRTOSFullAccess
- AWSIoTDeviceTesterForGreengrassFullAccess
- AWSManagedServicesDeploymentToolkitPolicy
- AWSManagedServices_DetectiveControlsConfig_ServiceRolePolicy
- AWSMigrationHubOrchestratorPlugin
- AWSMigrationHubStrategyCollector
- AWSMigrationHubStrategyConsoleFullAccess
- AWSOpsWorksCMServiceRole
- AWSPanoramaServiceRolePolicy
- AWSQuickSetupPatchPolicyDeploymentRolePolicy
- AWSQuickSetupPatchPolicyPermissionsBoundary
- AWSQuickSetupSSMDeploymentS3BucketRolePolicy
- AWSQuicksightAthenaAccess
- AWSResilienceHubAsssessmentExecutionPolicy
- AWSServiceRoleForSMS
- AWSSystemsManagerEnableConfigRecordingExecutionPolicy
- AWSThinkboxAWSPortalAdminPolicy
- AdministratorAccess-AWSElasticBeanstalk
- AdministratorAccess-Amplify
- AmazonAppStreamServiceAccess
- AmazonAthenaFullAccess
- AmazonBraketFullAccess
- AmazonBraketJobsExecutionPolicy
- AmazonConnectFullAccess
- AmazonConnect_FullAccess
- AmazonDMSRedshiftS3Role
- AmazonDataZoneFullAccess
- AmazonDataZoneGlueManageAccessRolePolicy
- AmazonDataZoneProjectDeploymentPermissionsBoundary
- AmazonDataZoneProjectRolePermissionsBoundary
- AmazonElasticMapReduceRole
- AmazonGrafanaAthenaAccess
- AmazonLaunchWizardFullAccessV2
- AmazonLaunchWizardFullaccess
- AmazonLaunchWizard_Fullaccess
- AmazonLookoutVisionConsoleFullAccess
- AmazonMacieSetupRole
- AmazonRedshiftAllCommandsFullAccess
- AmazonSageMakerAdmin-ServiceCatalogProductsServiceRolePolicy
- AmazonSageMakerCanvasFullAccess
- AmazonSageMakerFullAccess
- AmazonSageMakerModelGovernanceUseAccess
- AmazonSageMakerServiceCatalogProductsCodeBuildServiceRolePolicy
- AmazonSageMakerServiceCatalogProductsGlueServiceRolePolicy
- AmazonSageMakerServiceCatalogProductsLambdaServiceRolePolicy
- AmazonSecurityLakeAdministrator
- AmazonWorkSpacesPoolServiceAccess
- ApplicationDiscoveryServiceContinuousExportServiceRolePolicy
- AwsGlueSessionUserRestrictedNotebookServiceRole
- AwsGlueSessionUserRestrictedServiceRole
- BedrockAgentCoreFullAccess
- CloudWatchSyntheticsFullAccess
- DBModProvisioningAndMigration
- DataScientist
- DatabaseAdministrator
- ROSAImageRegistryOperatorPolicy
- SageMakerStudioAdminIAMDefaultExecutionPolicy
- SageMakerStudioFullAccess
- SageMakerStudioProjectProvisioningRolePolicy
- ServerMigrationConnector
- ServerMigrationServiceRole
- ServerMigration_ServiceRole
Thanks to Ian McKay for iam-dataset (MIT), structured data derived from the AWS Service Authorization Reference. Not maintained by AWS and not guaranteed current. IAMTrail's managed policy archive is separate.
Definitions bundle generated 4/7/2026, 3:29:24 AM