s3:GetAccessGrant

Read

s3:GetAccessGrant is a Read access-level action in the s3 service. Grants permission to read Access Grant

Resource types

ARNs that s3:GetAccessGrant can be scoped to in an IAM policy.

arn:${Partition}:s3:${Region}:${Account}:access-grants/default/grant/${Token}
accessgrant

Condition keys

Keys you can use in the Condition block of a policy that grants s3:GetAccessGrant.

aws:RequestTag/${TagKey} String

Filters access by the tags that are passed in the request

aws:ResourceTag/${TagKey} String

Filters access by the tags associated with the resource

aws:TagKeys ArrayOfString

Filters access by the tag keys that are passed in the request

Example IAM policy

A minimal policy that allows s3:GetAccessGrant. Replace "Resource": "*" with a specific ARN to follow least privilege.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowS3GetAccessGrant",
      "Effect": "Allow",
      "Action": "s3:GetAccessGrant",
      "Resource": "*"
    }
  ]
}

Related actions in s3

View all s3 actions →