s3:PutObjectVersionAcl is a Permissions management access-level action in the s3 service. Grants permission to use the acl subresource to set the access control list (ACL) permissions for an object that already exists in a bucket
ARNs that s3:PutObjectVersionAcl can be scoped to in an IAM policy.
Keys you can use in the Condition block of a policy that grants s3:PutObjectVersionAcl.
Filters access by the tags associated with the resource
Filters access by the network origin (Internet or VPC)
Filters access by existing access point tag key and value
Filters access by the tags associated with the bucket
Filters access by the AWS Account ID that owns the access point
Filters access by an access point Amazon Resource Name (ARN)
A minimal policy that allows s3:PutObjectVersionAcl. Replace "Resource": "*" with a specific ARN to follow least privilege.
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "AllowS3PutObjectVersionAcl",
"Effect": "Allow",
"Action": "s3:PutObjectVersionAcl",
"Resource": "*"
}
]
}