AWS managed policies for Amazon S3 Files

An AWS managed policy is a standalone policy that is created and administered by AWS. AWS managed policies are designed to provide permissions for many common use cases so that you can start assigning permissions to users, groups, and roles.

Keep in mind that AWS managed policies might not grant least-privilege permissions for your specific use cases because they're available for all AWS customers to use. We recommend that you reduce permissions further by defining customer managed policies that are specific to your use cases.

You cannot change the permissions defined in AWS managed policies. If AWS updates the permissions defined in an AWS managed policy, the update affects all principal identities (users, groups, and roles) that the policy is attached to. AWS is most likely to update an AWS managed policy when a new AWS service is launched or new API operations become available for existing services.

For more information, see AWS managed policies in the IAM User Guide.

AWS managed policy: AmazonS3FilesFullAccess

You can attach the AmazonS3FilesFullAccess policy to your IAM identities. This policy grants full access to Amazon S3 Files, including permissions to create and manage file systems, mount targets, and access points. For more information about this policy, see AmazonS3FilesFullAccess in the AWS Managed Policy Reference.

AWS managed policy: AmazonS3FilesReadOnlyAccess

You can attach the AmazonS3FilesReadOnlyAccess policy to your IAM identities. This policy grants read-only access to Amazon S3 Files, including permissions to view file systems, mount targets, access points, and related configurations. For more information about this policy, see AmazonS3FilesReadOnlyAccess in the AWS Managed Policy Reference.

AWS managed policy: AmazonS3FilesClientFullAccess

You can attach the AmazonS3FilesClientFullAccess policy to your IAM identities. This policy grants full client access to S3 Files file systems, including the ability to mount, read, write, and access files as the root user. For more information about this policy, see AmazonS3FilesClientFullAccess in the AWS Managed Policy Reference.

AWS managed policy: AmazonS3FilesClientReadWriteAccess

You can attach the AmazonS3FilesClientReadWriteAccess policy to your IAM identities. This policy grants read and write client access to S3 Files file systems, including the ability to mount, read, and write. This policy does not grant root access. For more information about this policy, see AmazonS3FilesClientReadWriteAccess in the AWS Managed Policy Reference.

AWS managed policy: AmazonS3FilesClientReadOnlyAccess

You can attach the AmazonS3FilesClientReadOnlyAccess policy to your IAM identities. This policy grants read-only client access to S3 Files file systems, including the ability to mount and read from the file system. For more information about this policy, see AmazonS3FilesClientReadOnlyAccess in the AWS Managed Policy Reference.

AWS managed policy: AmazonS3FilesCSIDriverPolicy

You can attach the AmazonS3FilesCSIDriverPolicy policy to your IAM identities. This policy grants permissions for the Amazon EFS Container Storage Interface (CSI) driver to manage S3 Files access points on behalf of Amazon EKS clusters. For more information about this policy, see AmazonS3FilesCSIDriverPolicy in the AWS Managed Policy Reference.

AWS managed policy: AmazonElasticFileSystemUtils

You can attach the AmazonElasticFileSystemUtils policy to your IAM identities. This policy grants permissions for the S3 Files client utilities (amazon-efs-utils) to perform operations such as describing mount targets, publishing CloudWatch metrics and logs, and communicating with AWS Systems Manager. For more information about this policy, see AmazonElasticFileSystemUtils in the AWS Managed Policy Reference.

Amazon S3 Files updates to AWS managed policies

View details about updates to AWS managed policies for Amazon S3 Files since S3 Files began tracking these changes.