s3:DeleteObject
Literal appearances in AWS managed IAM policies. Statements that use wildcards (for example s3:*) are not counted here. This is not an IAM authorization simulation.
Policies (any)
67
Allow (Action)
65
Deny (Action)
2
NotAction
4
Index generated 4/7/2026, 3:29:24 AM. 559 policies include at least one wildcard action string (any service).
Action reference
SAR-style (unofficial)Service: Amazon S3
Access level
WriteDescription
Grants permission to remove the null version of an object and insert a delete marker, which becomes the current version of the object
Resource types
- accesspointobject
- object
Allow (Action)
- AWS-SSM-Automation-DiagnosisBucketPolicy
- AWS-SSM-DiagnosisAutomation-AdministrationRolePolicy
- AWS-SSM-RemediationAutomation-AdministrationRolePolicy
- AWSBackupServiceRolePolicyForS3Restore
- AWSConnector
- AWSDMSServerlessServiceRolePolicy
- AWSDataPipelineRole
- AWSDeepRacerFullAccess
- AWSDeepRacerServiceRolePolicy
- AWSElasticBeanstalkManagedUpdatesCustomerRolePolicy
- AWSElasticBeanstalkManagedUpdatesServiceRolePolicy
- AWSForWordPressPluginPolicy
- AWSGlueServiceNotebookRole
- AWSGlueServiceRole
- AWSIoTDeviceTesterForFreeRTOSFullAccess
- AWSIoTDeviceTesterForGreengrassFullAccess
- AWSLicenseManagerMasterAccountRolePolicy
- AWSManagedServicesDeploymentToolkitPolicy
- AWSManagedServices_DetectiveControlsConfig_ServiceRolePolicy
- AWSOpsWorksCMInstanceProfileRole
- AWSOpsWorksCMServiceRole
- AWSPanoramaFullAccess
- AWSPanoramaServiceRolePolicy
- AWSQuickSetupPatchPolicyPermissionsBoundary
- AWSQuickSetupSSMManageResourcesExecutionPolicy
- AWSRefactoringToolkitFullAccess
- AWSServiceRoleForSMS
- AWSThinkboxAWSPortalAdminPolicy
- AdministratorAccess-Amplify
- AmazonAppStreamServiceAccess
- AmazonBedrockStudioPermissionsBoundary
- AmazonConnectServiceLinkedRolePolicy
- AmazonDMSRedshiftS3Role
- AmazonDataZoneEnvironmentRolePermissionsBoundary
- AmazonDataZoneProjectRolePermissionsBoundary
- AmazonDataZoneSageMakerEnvironmentRolePermissionsBoundary
- AmazonDynamoDBFullAccesswithDataPipeline
- AmazonLambdaRolePolicyForLaunchWizardSAP
- AmazonMacieSetupRole
- AmazonPersonalizeFullAccess
- AmazonRedshiftAllCommandsFullAccess
- AmazonSageMakerCanvasDataPrepFullAccess
- AmazonSageMakerCanvasEMRServerlessExecutionRolePolicy
- AmazonSageMakerCanvasFullAccess
- AmazonSageMakerFullAccess
- AmazonSageMakerHyperPodInferenceAccess
- AmazonSageMakerServiceCatalogProductsCodeBuildServiceRolePolicy
- AmazonSageMakerServiceCatalogProductsCodePipelineServiceRolePolicy
- AmazonSageMakerServiceCatalogProductsGlueServiceRolePolicy
- AmazonSageMakerServiceCatalogProductsLambdaServiceRolePolicy
- AmazonSecurityLakeMetastoreManager
- AmazonWorkSpacesPoolServiceAccess
- AwsGlueSessionUserRestrictedNotebookServiceRole
- AwsGlueSessionUserRestrictedServiceRole
- DBModProvisioningAndMigration
- DataScientist
- ROSAImageRegistryOperatorPolicy
- SageMakerStudioAdminProjectUserRolePolicy
- SageMakerStudioProjectRoleMachineLearningPolicy
- SageMakerStudioProjectUserRolePermissionsBoundary
- SageMakerStudioProjectUserRolePolicy
- SecurityLakeResourceManagementServiceRolePolicy
- ServerMigrationConnector
- ServerMigrationServiceRole
- ServerMigration_ServiceRole
Thanks to Ian McKay for iam-dataset (MIT), structured data derived from the AWS Service Authorization Reference. Not maintained by AWS and not guaranteed current. IAMTrail's managed policy archive is separate.
Definitions bundle generated 4/7/2026, 3:29:24 AM