s3:GetBucketLogging is a Read access-level action in the s3 service. Grants permission to return the logging status of an Amazon S3 bucket and the permissions users have to view or modify that status
ARNs that s3:GetBucketLogging can be scoped to in an IAM policy.
Keys you can use in the Condition block of a policy that grants s3:GetBucketLogging.
Filters access by the tags associated with the resource
Filters access by the tags associated with the bucket
A minimal policy that allows s3:GetBucketLogging. Replace "Resource": "*" with a specific ARN to follow least privilege.
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "AllowS3GetBucketLogging",
"Effect": "Allow",
"Action": "s3:GetBucketLogging",
"Resource": "*"
}
]
}