Example bucket policies for directory buckets

This section provides example directory bucket policies. To use these policies, replace the user input placeholders with your own information.

The following example bucket policy allows AWS account ID 111122223333 to use the CreateSession API operation with the default ReadWrite session for the specified directory bucket. This policy grants access to the Zonal endpoint (object level) API operations.

Example – Bucket policy to allow `CreateSession` calls with the default `ReadWrite` session

Example – Bucket policy to allow `CreateSession` calls with a `ReadOnly` session

The following example bucket policy allows AWS account ID 111122223333 to use the CreateSession API operation. This policy uses the s3express:SessionMode condition key with the ReadOnly value to set a read-only session.

Example – Bucket policy to allow cross-account access for `CreateSession` calls

The following example bucket policy allows AWS account ID 111122223333 to use the CreateSession API operation for the specified directory bucket that's owned by AWS account ID 444455556666.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Identity-based policies

Authorizing Zonal endpoint API operations with CreateSession

Example bucket policies for directory buckets

Example – Bucket policy to allow CreateSession calls with the default ReadWrite session

Example – Bucket policy to allow CreateSession calls with a ReadOnly session

Example – Bucket policy to allow cross-account access for CreateSession calls

Example – Bucket policy to allow `CreateSession` calls with the default `ReadWrite` session

Example – Bucket policy to allow `CreateSession` calls with a `ReadOnly` session

Example – Bucket policy to allow cross-account access for `CreateSession` calls