s3:ListAllMyBuckets
Literal appearances in AWS managed IAM policies. Statements that use wildcards (for example s3:*) are not counted here. This is not an IAM authorization simulation.
Policies (any)
137
Allow (Action)
134
Deny (Action)
3
NotAction
2
Index generated 4/7/2026, 3:29:24 AM. 559 policies include at least one wildcard action string (any service).
Action reference
SAR-style (unofficial)Service: Amazon S3
Access level
ListDescription
Grants permission to list all buckets owned by the authenticated sender of the request
Allow (Action)
- AIDevOpsAgentAccessPolicy
- AWSAppFabricFullAccess
- AWSAuditManagerAdministratorAccess
- AWSAuditManagerServiceRolePolicy
- AWSBackupAuditAccess
- AWSBackupFullAccess
- AWSBackupOperatorAccess
- AWSBackupServiceLinkedRolePolicyForBackup
- AWSBackupServiceRolePolicyForS3Backup
- AWSCleanRoomsFullAccess
- AWSCleanRoomsMLFullAccess
- AWSCloudTrailFullAccess
- AWSCloudTrailReadOnlyAccess
- AWSCloudTrail_FullAccess
- AWSCodeBuildAdminAccess
- AWSCodeBuildDeveloperAccess
- AWSCodePipelineReadOnlyAccess
- AWSCodePipeline_FullAccess
- AWSCodePipeline_ReadOnlyAccess
- AWSConfigRole
- AWSConfigServiceRolePolicy
- AWSConnector
- AWSDataExchangeFullAccess
- AWSDataExchangeProviderFullAccess
- AWSDataExchangeSubscriberFullAccess
- AWSDataSyncFullAccess
- AWSDataSyncReadOnlyAccess
- AWSDeepRacerFullAccess
- AWSDeepRacerRoboMakerAccessPolicy
- AWSDeepRacerServiceRolePolicy
- AWSElasticBeanstalkReadOnly
- AWSElasticDisasterRecoveryConsoleFullAccess
- AWSElasticDisasterRecoveryConsoleFullAccess_v2
- AWSElementalMediaConvertFullAccess
- AWSElementalMediaConvertReadOnly
- AWSEntityResolutionConsoleFullAccess
- AWSGlueConsoleFullAccess
- AWSGlueConsoleSageMakerNotebookFullAccess
- AWSGlueServiceNotebookRole
- AWSGlueServiceRole
- AWSImageBuilderFullAccess
- AWSIoTDeviceTesterForFreeRTOSFullAccess
- AWSLakeFormationDataAdmin
- AWSLicenseManagerServiceRolePolicy
- AWSMigrationHubOrchestratorConsoleFullAccess
- AWSMigrationHubOrchestratorPlugin
- AWSMigrationHubStrategyCollector
- AWSMigrationHubStrategyConsoleFullAccess
- AWSMigrationHubStrategyServiceRolePolicy
- AWSOpsWorksCMInstanceProfileRole
- AWSProtonDeveloperAccess
- AWSQuickSetupPatchPolicyDeploymentRolePolicy
- AWSRefactoringToolkitFullAccess
- AWSResilienceHubAsssessmentExecutionPolicy
- AWSResourceExplorerServiceRolePolicy
- AWSResourceGroupsReadOnlyAccess
- AWSServiceRoleForSMS
- AWSSupplyChainFederationAdminAccess
- AWSThinkboxAWSPortalAdminPolicy
- AWSTransferConsoleFullAccess
- AWSTransformApplicationDeploymentPolicy
- AWSTrustedAdvisorServiceRolePolicy
- AWSWAFConsoleFullAccess
- AWSWAFConsoleReadOnlyAccess
- AWS_ConfigRole
- AWS_Config_Role
- AccessAnalyzerServiceRolePolicy
- AdministratorAccess-AWSElasticBeanstalk
- AdministratorAccess-Amplify
- AmazonAppFlowFullAccess
- AmazonAppStreamServiceAccess
- AmazonAthenaFullAccess
- AmazonBraketFullAccess
- AmazonChimeFullAccess
- AmazonCloudWatchEvidentlyFullAccess
- AmazonConnectFullAccess
- AmazonConnect_FullAccess
- AmazonDataZoneFullAccess
- AmazonDataZoneRedshiftGlueProvisioningPolicy
- AmazonDataZoneSageMakerEnvironmentRolePermissionsBoundary
- AmazonDevOpsGuruServiceRolePolicy
- AmazonEMRFullAccessPolicy_v2
- AmazonElastiCacheFullAccess
- AmazonElasticMapReduceReadOnlyAccess
- AmazonElasticTranscoder_FullAccess
- AmazonElasticTranscoder_JobsSubmitter
- AmazonElasticTranscoder_ReadOnlyAccess
- AmazonFraudDetectorFullAccessPolicy
- AmazonFreeRTOSOTAUpdate
- AmazonGuardDutyServiceRolePolicy
- AmazonHealthLakeFullAccess
- AmazonKendraFullAccess
- AmazonLaunchWizardFullAccessV2
- AmazonLaunchWizard_Fullaccess
- AmazonLexFullAccess
- AmazonLookoutVisionConsoleFullAccess
- AmazonLookoutVisionConsoleReadOnlyAccess
- AmazonMacieServiceRolePolicy
- AmazonMacieSetupRole
- AmazonRedshiftAllCommandsFullAccess
- AmazonRekognitionCustomLabelsFullAccess
- AmazonSageMakerCanvasDataPrepFullAccess
- AmazonSageMakerCanvasEMRServerlessExecutionRolePolicy
- AmazonSageMakerCanvasFullAccess
- AmazonSageMakerFullAccess
- AmazonSageMakerModelGovernanceUseAccess
- AmazonSageMakerModelRegistryFullAccess
- AmazonSageMakerServiceCatalogProductsCodeBuildServiceRolePolicy
- AmazonSageMakerServiceCatalogProductsGlueServiceRolePolicy
- AmazonSageMakerServiceCatalogProductsLambdaServiceRolePolicy
- AmazonSecurityLakeAdministrator
- AmazonTimestreamConsoleFullAccess
- AmazonTimestreamFullAccess
- AmazonWorkSpacesPoolServiceAccess
- AwsGlueDataBrewFullAccessPolicy
- BedrockAgentCoreFullAccess
- CloudFrontFullAccess
- CloudWatchApplicationInsightsFullAccess
- CloudWatchAutomaticDashboardsAccess
- CloudWatchSyntheticsFullAccess
- CloudwatchApplicationInsightsServiceLinkedRolePolicy
- ComprehendFullAccess
- LakeFormationDataAccessServiceRolePolicy
- QuickSightAccessForS3StorageManagementAnalyticsReadOnly
- SageMakerStudioAdminProjectUserRolePolicy
- SageMakerStudioFullAccess
- SecurityAudit
- ServerMigrationServiceConsoleFullAccess
- ServerMigrationServiceRole
- ServerMigration_ServiceRole
- TranslateFullAccess
- VPCLatticeFullAccess
- VPCLatticeReadOnlyAccess
- ViewOnlyAccess
Thanks to Ian McKay for iam-dataset (MIT), structured data derived from the AWS Service Authorization Reference. Not maintained by AWS and not guaranteed current. IAMTrail's managed policy archive is separate.
Definitions bundle generated 4/7/2026, 3:29:24 AM