s3:PutObject
Literal appearances in AWS managed IAM policies. Statements that use wildcards (for example s3:*) are not counted here. This is not an IAM authorization simulation.
Policies (any): 127
Allow (Action): 127
Deny (Action): 1
NotAction: 5
Index generated 4/7/2026, 3:29:24 AM. 559 policies include at least one wildcard action string (any service).
Action reference
SAR-style (unofficial)
Service: Amazon S3
Access level: Write
Description: Grants permission to add an object to a bucket
Resource types
- accesspointobject
- object
Allow (Action)
- AWS-SSM-Automation-DiagnosisBucketPolicy
- AWS-SSM-DiagnosisAutomation-AdministrationRolePolicy
- AWS-SSM-RemediationAutomation-AdministrationRolePolicy
- AWSAgentlessDiscoveryService
- AWSAppFabricServiceRolePolicy
- AWSBackupServiceRolePolicyForItemRestores
- AWSBackupServiceRolePolicyForS3Restore
- AWSCleanRoomsFullAccess
- AWSConnector
- AWSDMSServerlessServiceRolePolicy
- AWSDataExchangeFullAccess
- AWSDataExchangeProviderFullAccess
- AWSDeepRacerRoboMakerAccessPolicy
- AWSDeepRacerServiceRolePolicy
- AWSDiscoveryContinuousExportFirehosePolicy
- AWSElasticBeanstalkCustomPlatformforEC2Role
- AWSElasticBeanstalkManagedUpdatesCustomerRolePolicy
- AWSElasticBeanstalkManagedUpdatesServiceRolePolicy
- AWSElasticBeanstalkWebTier
- AWSElasticBeanstalkWorkerTier
- AWSForWordPressPluginPolicy
- AWSGlueConsoleFullAccess
- AWSGlueConsoleSageMakerNotebookFullAccess
- AWSGlueServiceNotebookRole
- AWSGlueServiceRole
- AWSIoTDeviceTesterForFreeRTOSFullAccess
- AWSIoTDeviceTesterForGreengrassFullAccess
- AWSIoTRuleActions
- AWSLambdaExecute
- AWSLicenseManagerMasterAccountRolePolicy
- AWSLicenseManagerServiceRolePolicy
- AWSManagedServices_DetectiveControlsConfig_ServiceRolePolicy
- AWSMarketplaceSellerProductsFullAccess
- AWSMigrationHubOrchestratorConsoleFullAccess
- AWSMigrationHubOrchestratorPlugin
- AWSMigrationHubStrategyCollector
- AWSMigrationHubStrategyServiceRolePolicy
- AWSMobileHub_FullAccess
- AWSOpsWorksCMInstanceProfileRole
- AWSOpsWorksCMServiceRole
- AWSPanoramaFullAccess
- AWSPanoramaGreengrassGroupRolePolicy
- AWSPanoramaSageMakerRolePolicy
- AWSPanoramaServiceRolePolicy
- AWSPartnerCentralFullAccess
- AWSPartnerCentralMarketingManagement
- AWSQuickSightSageMakerPolicy
- AWSQuicksightAthenaAccess
- AWSRefactoringToolkitFullAccess
- AWSResilienceHubAsssessmentExecutionPolicy
- AWSServiceRoleForSMS
- AWSSupplyChainFederationAdminAccess
- AWSThinkboxAWSPortalAdminPolicy
- AWSThinkboxAWSPortalGatewayPolicy
- AWSThinkboxAWSPortalWorkerPolicy
- AWSThinkboxAssetServerPolicy
- AWSTransformApplicationDeploymentPolicy
- AdministratorAccess-Amplify
- AmazonAppStreamServiceAccess
- AmazonAthenaFullAccess
- AmazonBedrockStudioPermissionsBoundary
- AmazonBraketFullAccess
- AmazonBraketJobsExecutionPolicy
- AmazonBraketServiceRolePolicy
- AmazonConnectServiceLinkedRolePolicy
- AmazonDMSRedshiftS3Role
- AmazonDataZoneEnvironmentRolePermissionsBoundary
- AmazonDataZoneProjectRolePermissionsBoundary
- AmazonDataZoneSageMakerEnvironmentRolePermissionsBoundary
- AmazonEC2RolePolicyForLaunchWizard
- AmazonEC2RoleforSSM
- AmazonElasticTranscoderRole
- AmazonEverestServicePolicy
- AmazonFreeRTOSOTAUpdate
- AmazonGrafanaAthenaAccess
- AmazonLambdaRolePolicyForLaunchWizardSAP
- AmazonLaunchWizardFullAccessV2
- AmazonLaunchWizard_Fullaccess
- AmazonLookoutVisionConsoleFullAccess
- AmazonMachineLearningRoleforRedshiftDataSource
- AmazonMachineLearningRoleforRedshiftDataSourceV2
- AmazonMachineLearningRoleforRedshiftDataSourceV3
- AmazonPersonalizeFullAccess
- AmazonRedshiftAllCommandsFullAccess
- AmazonRekognitionCustomLabelsFullAccess
- AmazonSageMakerCanvasBedrockAccess
- AmazonSageMakerCanvasDataPrepFullAccess
- AmazonSageMakerCanvasEMRServerlessExecutionRolePolicy
- AmazonSageMakerCanvasForecastAccess
- AmazonSageMakerCanvasFullAccess
- AmazonSageMakerEdgeDeviceFleetPolicy
- AmazonSageMakerFeatureStoreAccess
- AmazonSageMakerFullAccess
- AmazonSageMakerGeospatialExecutionRole
- AmazonSageMakerGroundTruthExecution
- AmazonSageMakerHyperPodInferenceAccess
- AmazonSageMakerModelGovernanceUseAccess
- AmazonSageMakerServiceCatalogProductsCodeBuildServiceRolePolicy
- AmazonSageMakerServiceCatalogProductsCodePipelineServiceRolePolicy
- AmazonSageMakerServiceCatalogProductsGlueServiceRolePolicy
- AmazonSageMakerServiceCatalogProductsLambdaServiceRolePolicy
- AmazonSecurityLakeAdministrator
- AmazonSecurityLakeMetastoreManager
- AmazonSecurityLakePermissionsBoundary
- AmazonWorkSpacesPoolServiceAccess
- AwsGlueSessionUserRestrictedNotebookServiceRole
- AwsGlueSessionUserRestrictedServiceRole
- BedrockAgentCoreFullAccess
- ComprehendDataAccessRolePolicy
- ConfigConformsServiceRolePolicy
- DBModProvisioningAndMigration
- DataScientist
- GameLiftContainerFleetPolicy
- IVSRecordToS3
- PartnerCentralIncentiveBenefitManagement
- ROSAImageRegistryOperatorPolicy
- SageMakerStudioAdminProjectUserRolePolicy
- SageMakerStudioBedrockEvaluationJobServiceRolePolicy
- SageMakerStudioEMRInstanceRolePolicy
- SageMakerStudioFullAccess
- SageMakerStudioProjectRoleMachineLearningPolicy
- SageMakerStudioProjectUserRolePermissionsBoundary
- SageMakerStudioProjectUserRolePolicy
- SecurityLakeResourceManagementServiceRolePolicy
- ServerMigrationConnector
- ServerMigrationServiceRole
- ServerMigration_ServiceRole
Deny (Action)
Thanks to Ian McKay for iam-dataset (MIT), structured data derived from the AWS Service Authorization Reference. Not maintained by AWS and not guaranteed current. IAMTrail's managed policy archive is separate.
Definitions bundle generated 4/7/2026, 3:29:24 AM