s3:GetBucketLocation

Literal appearances in AWS managed IAM policies. Statements that use wildcards (for example s3:*) are not counted here. This is not an IAM authorization simulation.

Policies (any)

116

Allow (Action)

116

Deny (Action)

NotAction

Index generated 4/7/2026, 3:29:24 AM. 559 policies include at least one wildcard action string (any service).

Action reference

SAR-style (unofficial)

Service: Amazon S3

Access level

Read

Description

Grants permission to return the Region that an Amazon S3 bucket resides in

Resource types

accesspoint
bucket

Allow (Action)

AIDevOpsAgentAccessPolicy
AIOpsAssistantPolicy
AWSAppFabricFullAccess
AWSBackupAuditAccess
AWSBackupServiceRolePolicyForItemRestores
AWSBackupServiceRolePolicyForS3Backup
AWSBackupServiceRolePolicyForS3Restore
AWSCleanRoomsFullAccess
AWSCleanRoomsMLFullAccess
AWSCloudTrailFullAccess
AWSCloudTrailReadOnlyAccess
AWSCloudTrail_FullAccess
AWSCodeBuildAdminAccess
AWSCodeBuildDeveloperAccess
AWSConfigRole
AWSConfigServiceRolePolicy
AWSConnector
AWSDMSServerlessServiceRolePolicy
AWSDataExchangeFullAccess
AWSDataExchangeProviderFullAccess
AWSDataExchangeSubscriberFullAccess
AWSDataSyncFullAccess
AWSDeepRacerFullAccess
AWSDeepRacerRoboMakerAccessPolicy
AWSDeepRacerServiceRolePolicy
AWSDiscoveryContinuousExportFirehosePolicy
AWSElasticBeanstalkManagedUpdatesCustomerRolePolicy
AWSElasticBeanstalkManagedUpdatesServiceRolePolicy
AWSElasticBeanstalkReadOnly
AWSElasticDisasterRecoveryConsoleFullAccess
AWSElasticDisasterRecoveryConsoleFullAccess_v2
AWSEntityResolutionConsoleFullAccess
AWSGlueConsoleFullAccess
AWSGlueConsoleSageMakerNotebookFullAccess
AWSGlueServiceNotebookRole
AWSGlueServiceRole
AWSGreengrassResourceAccessRolePolicy
AWSImageBuilderFullAccess
AWSLakeFormationDataAdmin
AWSLicenseManagerMasterAccountRolePolicy
AWSLicenseManagerServiceRolePolicy
AWSManagedServicesDeploymentToolkitPolicy
AWSMigrationHubOrchestratorConsoleFullAccess
AWSMigrationHubStrategyCollector
AWSMigrationHubStrategyServiceRolePolicy
AWSQuicksightAthenaAccess
AWSRefactoringToolkitFullAccess
AWSResilienceHubAsssessmentExecutionPolicy
AWSResourceExplorerServiceRolePolicy
AWSServiceRoleForSMS
AWSServiceRolePolicyForBackupReports
AWSSupplyChainFederationAdminAccess
AWSThinkboxAWSPortalAdminPolicy
AWSTransformApplicationDeploymentPolicy
AWSTrustedAdvisorServiceRolePolicy
AWS_ConfigRole
AWS_Config_Role
AccessAnalyzerServiceRolePolicy
AdministratorAccess-Amplify
AmazonAppFlowFullAccess
AmazonAthenaFullAccess
AmazonChimeFullAccess
AmazonCloudWatchEvidentlyFullAccess
AmazonConnectFullAccess
AmazonConnectServiceLinkedRolePolicy
AmazonConnect_FullAccess
AmazonDMSRedshiftS3Role
AmazonDataZoneEnvironmentRolePermissionsBoundary
AmazonDataZoneFullAccess
AmazonDataZoneSageMakerEnvironmentRolePermissionsBoundary
AmazonEC2RolePolicyForLaunchWizard
AmazonEC2RoleforSSM
AmazonFraudDetectorFullAccessPolicy
AmazonFreeRTOSOTAUpdate
AmazonGrafanaAthenaAccess
AmazonHealthLakeFullAccess
AmazonKendraFullAccess
AmazonLaunchWizardFullAccessV2
AmazonLaunchWizard_Fullaccess
AmazonLexFullAccess
AmazonLookoutVisionConsoleFullAccess
AmazonMachineLearningRoleforRedshiftDataSource
AmazonMachineLearningRoleforRedshiftDataSourceV2
AmazonMachineLearningRoleforRedshiftDataSourceV3
AmazonMacieServiceRolePolicy
AmazonRedshiftAllCommandsFullAccess
AmazonRekognitionCustomLabelsFullAccess
AmazonRoute53FullAccess
AmazonSageMakerCanvasDataPrepFullAccess
AmazonSageMakerCanvasEMRServerlessExecutionRolePolicy
AmazonSageMakerCanvasFullAccess
AmazonSageMakerEdgeDeviceFleetPolicy
AmazonSageMakerFullAccess
AmazonSageMakerGroundTruthExecution
AmazonSageMakerModelGovernanceUseAccess
AmazonSageMakerServiceCatalogProductsCodeBuildServiceRolePolicy
AmazonSageMakerServiceCatalogProductsGlueServiceRolePolicy
AmazonSageMakerServiceCatalogProductsLambdaServiceRolePolicy
AmazonSecurityLakePermissionsBoundary
AwsGlueDataBrewFullAccessPolicy
CloudWatchSyntheticsFullAccess
ComprehendFullAccess
DBModProvisioningAndMigration
GameLiftContainerFleetPolicy
NetworkAdministrator
QuickSightAccessForS3StorageManagementAnalyticsReadOnly
ROSAImageRegistryOperatorPolicy
SageMakerStudioBedrockEvaluationJobServiceRolePolicy
SageMakerStudioFullAccess
SageMakerStudioProjectUserRolePermissionsBoundary
SageMakerStudioProjectUserRolePolicy
ServerMigrationConnector
ServerMigrationServiceRole
ServerMigration_ServiceRole
TranslateFullAccess
VMImportExportRoleForAWSConnector

Deny (Action)

AmazonSecurityLakePermissionsBoundary

NotAction

AmazonDataZoneEnvironmentRolePermissionsBoundary
AmazonDataZoneSageMakerEnvironmentRolePermissionsBoundary
AmazonSecurityLakePermissionsBoundary
SageMakerStudioProjectUserRolePermissionsBoundary

Thanks to Ian McKay for iam-dataset (MIT), structured data derived from the AWS Service Authorization Reference. Not maintained by AWS and not guaranteed current. IAMTrail's managed policy archive is separate.

Definitions bundle generated 4/7/2026, 3:29:24 AM