This implementation of the GET
action uses the acl
subresource to return the access control list (ACL) of a bucket. To use GET
to return the ACL of the bucket, you must have READ_ACP
access to the bucket. If READ_ACP
permission is granted to the anonymous user, you can return the ACL of the bucket without using an authorization header.
Related Resources
See also: AWS API Documentation
See ‘aws help’ for descriptions of global parameters.
get-bucket-acl
--bucket <value>
[--expected-bucket-owner <value>]
[--cli-input-json | --cli-input-yaml]
[--generate-cli-skeleton <value>]
--bucket
(string)
Specifies the S3 bucket whose ACL is being requested.
--expected-bucket-owner
(string)
The account id of the expected bucket owner. If the bucket is owned by a different account, the request will fail with an HTTP
403 (Access Denied)
error.
--cli-input-json
| --cli-input-yaml
(string)
Reads arguments from the JSON string provided. The JSON string follows the format provided by --generate-cli-skeleton
. If other arguments are provided on the command line, those values will override the JSON-provided values. It is not possible to pass arbitrary binary values using a JSON-provided value as the string will be taken literally. This may not be specified along with --cli-input-yaml
.
--generate-cli-skeleton
(string)
Prints a JSON skeleton to standard output without sending an API request. If provided with no value or the value input
, prints a sample input JSON that can be used as an argument for --cli-input-json
. Similarly, if provided yaml-input
it will print a sample input YAML that can be used with --cli-input-yaml
. If provided with the value output
, it validates the command inputs and returns a sample output JSON for that command.
See ‘aws help’ for descriptions of global parameters.
The following command retrieves the access control list for a bucket named my-bucket
:
aws s3api get-bucket-acl --bucket my-bucket
Output:
{
"Owner": {
"DisplayName": "my-username",
"ID": "7009a8971cd538e11f6b6606438875e7c86c5b672f46db45460ddcd087d36c32"
},
"Grants": [
{
"Grantee": {
"DisplayName": "my-username",
"ID": "7009a8971cd538e11f6b6606438875e7c86c5b672f46db45460ddcd087d36c32"
},
"Permission": "FULL_CONTROL"
}
]
}
Owner -> (structure)
Container for the bucket owner’s display name and ID.
DisplayName -> (string)
Container for the display name of the owner.
ID -> (string)
Container for the ID of the owner.
Grants -> (list)
A list of grants.
(structure)
Container for grant information.
Grantee -> (structure)
The person being granted permissions.
DisplayName -> (string)
Screen name of the grantee.
EmailAddress -> (string)
Email address of the grantee.
Note
Using email addresses to specify a grantee is only supported in the following AWS Regions:
US East (N. Virginia)
US West (N. California)
US West (Oregon)
Asia Pacific (Singapore)
Asia Pacific (Sydney)
Asia Pacific (Tokyo)
Europe (Ireland)
South America (São Paulo)
For a list of all the Amazon S3 supported Regions and endpoints, see Regions and Endpoints in the AWS General Reference.
ID -> (string)
The canonical user ID of the grantee.
Type -> (string)
Type of grantee
URI -> (string)
URI of the grantee group.
Permission -> (string)
Specifies the permission given to the grantee.