Description

The Apply S3 Bucket Policy action can be used to apply a bucket policy to one or more S3 buckets.

Test Mode

This action includes a "test mode" for determining which buckets would have the policy applied without actually applying it. This lets you fine-tune your action without risk of applying the policy to the wrong buckets.

When Test Mode is enabled, execute your action normally, then check the action logs to verify that only the buckets that should have been modified would have been modified, and that no other buckets would have been.

When you are satisfied, disable Test Mode.

Settings

Please see Common Action Settings for a description of settings common to all action types.

Bucket Identification Method

Method with which to match buckets to have the policy applied. Possible choices include:

  • All Buckets
  • By Resource Tag
  • By Bucket Name

Bucket Name

Comparison to use against the name of the bucket. Required only when Bucket Identification Method is set to "By Bucket Name".

Resource Tag Name

Name of a resource tag on the selected buckets. Required only when Bucket Identification Method is set to "By Bucket Name".

Resource Tag Value

Comparison to use against the resource tag. Required only when Bucket Identification Method is set to "By Bucket Name".

Policy Type

Indicates the policy to apply to the buckets. Possible options are:

  • Enforce AES256 Encryption
  • Custom

Custom Policy Content

Specifies the custom bucket policy. Required when Policy Type is set to "Custom". This must be a valid bucket policy in JSON format.
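A pre-flight check for text destined for Custom Policy Content, as an added example that is not part of the product or its documentation. The function names and the bucket name used with them are hypothetical, and the two Deny statements are the commonly used pattern for requiring AES256 on upload, assumed here rather than taken from the built-in "Enforce AES256 Encryption" option.

```python
import json

MAX_POLICY_BYTES = 20 * 1024  # S3 rejects bucket policies larger than 20 KB


def aes256_enforcement_policy(bucket):
    """Deny PutObject unless the request asks for SSE-S3 (AES256)."""
    def deny(sid, operator, value):
        return {"Sid": sid, "Effect": "Deny", "Principal": "*",
                "Action": "s3:PutObject",
                "Resource": f"arn:aws:s3:::{bucket}/*",
                "Condition": {operator: {"s3:x-amz-server-side-encryption": value}}}
    return {"Version": "2012-10-17", "Statement": [
        deny("DenyWrongEncryptionHeader", "StringNotEquals", "AES256"),
        deny("DenyMissingEncryptionHeader", "Null", "true")]}


def validate_bucket_policy(text, bucket):
    """Return a list of problems; an empty list means every check passed."""
    if len(text.encode("utf-8")) > MAX_POLICY_BYTES:
        return ["policy is larger than 20 KB"]
    try:
        doc = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg} (line {exc.lineno})"]
    statements = doc.get("Statement") if isinstance(doc, dict) else None
    if isinstance(statements, dict):  # a single statement may be a bare object
        statements = [statements]
    if not isinstance(statements, list) or not statements:
        return ["Statement is missing or empty"]
    problems, prefix = [], f"arn:aws:s3:::{bucket}"
    for i, st in enumerate(statements):
        if not isinstance(st, dict):
            problems.append(f"statement {i}: not a JSON object")
            continue
        if st.get("Effect") not in ("Allow", "Deny"):
            problems.append(f"statement {i}: Effect must be Allow or Deny")
        for a, b in (("Principal", "NotPrincipal"), ("Action", "NotAction"),
                     ("Resource", "NotResource")):
            if a not in st and b not in st:
                problems.append(f"statement {i}: needs {a} or {b}")
        resources = st.get("Resource", [])
        for arn in [resources] if isinstance(resources, str) else resources:
            # A policy copied from another bucket still names that bucket here.
            if not isinstance(arn, str) or (
                    arn != prefix and not arn.startswith(prefix + "/")):
                problems.append(f"statement {i}: {arn} is outside bucket {bucket}")
    return problems
```

Run the check once per target bucket name: a policy whose Resource ARNs name one bucket will be reported as out of scope for every other bucket.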

Apply Method

Specifies the rule by which the policy is applied to the bucket. Possible choices include:

  • Always overwrite
  • Apply only if the bucket does not already have a policy

Test Mode

Enables or disables Test Mode (see above).

Amazon Commands Used

The following AWS commands are used. The access key should have permission to execute all of them.

  • s3:GetBucketLocation
  • s3:GetBucketPolicy
  • s3:GetBucketTagging
  • s3:ListAllMyBuckets
  • s3:PutBucketPolicy