s3:GetBucketAcl

Literal appearances in AWS managed IAM policies. Statements that use wildcards (for example s3:*) are not counted here. This is not an IAM authorization simulation.

Policies (any)

Allow (Action)

Deny (Action)

NotAction

Index generated 4/7/2026, 3:29:24 AM. 559 policies include at least one wildcard action string (any service).

Action reference

SAR-style (unofficial)

Service: Amazon S3

Access level

Read

Description

Grants permission to use the acl subresource to return the access control list (ACL) of an Amazon S3 bucket

Resource types

accesspoint
bucket

Allow (Action)

AIDevOpsAgentAccessPolicy
AIOpsAssistantPolicy
AWSAuditManagerServiceRolePolicy
AWSBackupServiceRolePolicyForS3Backup
AWSConfigRole
AWSConfigServiceRolePolicy
AWSDeepRacerCloudFormationAccessPolicy
AWSDeepRacerFullAccess
AWSDeepRacerServiceRolePolicy
AWSForWordPressPluginPolicy
AWSGlueConsoleFullAccess
AWSGlueConsoleSageMakerNotebookFullAccess
AWSGlueServiceNotebookRole
AWSGlueServiceRole
AWSLakeFormationDataAdmin
AWSManagedServices_DetectiveControlsConfig_ServiceRolePolicy
AWSMigrationHubOrchestratorConsoleFullAccess
AWSMigrationHubOrchestratorPlugin
AWSMigrationHubStrategyCollector
AWSMigrationHubStrategyServiceRolePolicy
AWSServiceRoleForSMS
AWSThinkboxAWSPortalAdminPolicy
AWSTrustedAdvisorServiceRolePolicy
AWS_ConfigRole
AWS_Config_Role
AccessAnalyzerServiceRolePolicy
AmazonChimeFullAccess
AmazonConnectServiceLinkedRolePolicy
AmazonConnect_FullAccess
AmazonDMSRedshiftS3Role
AmazonDataZoneSageMakerEnvironmentRolePermissionsBoundary
AmazonGuardDutyServiceRolePolicy
AmazonMacieServiceRolePolicy
AmazonRedshiftAllCommandsFullAccess
AmazonRekognitionCustomLabelsFullAccess
AmazonSageMakerFeatureStoreAccess
AmazonSageMakerFullAccess
AmazonSageMakerServiceCatalogProductsCodeBuildServiceRolePolicy
AmazonSageMakerServiceCatalogProductsGlueServiceRolePolicy
AmazonSageMakerServiceCatalogProductsLambdaServiceRolePolicy
ConfigConformsServiceRolePolicy
SageMakerStudioAdminIAMDefaultExecutionPolicy
SageMakerStudioProjectUserRolePolicy
SageMakerStudioUserIAMDefaultExecutionPolicy
ServerMigrationServiceRole
ServerMigration_ServiceRole

Deny (Action)

None

NotAction

AmazonDataZoneSageMakerEnvironmentRolePermissionsBoundary

Thanks to Ian McKay for iam-dataset (MIT), structured data derived from the AWS Service Authorization Reference. Not maintained by AWS and not guaranteed current. IAMTrail's managed policy archive is separate.

Definitions bundle generated 4/7/2026, 3:29:24 AM