Use GetBucketAcl with an Amazon SDK or CLI - Amazon Simple Storage Service
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Use GetBucketAcl with an Amazon SDK or CLI

The following code examples show how to use GetBucketAcl.

Action examples are code excerpts from larger programs and must be run in context. You can see this action in context in the following code example:

.NET
Amazon SDK for .NET
Note

There's more on GitHub. Find the complete example and learn how to set up and run in the Amazon Code Examples Repository.

/// <summary> /// Get the access control list (ACL) for the new bucket. /// </summary> /// <param name="client">The initialized client object used to get the /// access control list (ACL) of the bucket.</param> /// <param name="newBucketName">The name of the newly created bucket.</param> /// <returns>An S3AccessControlList.</returns> public static async Task<S3AccessControlList> GetACLForBucketAsync(IAmazonS3 client, string newBucketName) { // Retrieve bucket ACL to show that the ACL was properly applied to // the new bucket. GetACLResponse getACLResponse = await client.GetACLAsync(new GetACLRequest { BucketName = newBucketName, }); return getACLResponse.AccessControlList; }
  • For API details, see GetBucketAcl in Amazon SDK for .NET API Reference.

C++
SDK for C++
Note

There's more on GitHub. Find the complete example and learn how to set up and run in the Amazon Code Examples Repository.

bool AwsDoc::S3::getBucketAcl(const Aws::String &bucketName, const Aws::S3::S3ClientConfiguration &clientConfig) { Aws::S3::S3Client s3Client(clientConfig); Aws::S3::Model::GetBucketAclRequest request; request.SetBucket(bucketName); Aws::S3::Model::GetBucketAclOutcome outcome = s3Client.GetBucketAcl(request); if (!outcome.IsSuccess()) { const Aws::S3::S3Error &err = outcome.GetError(); std::cerr << "Error: getBucketAcl: " << err.GetExceptionName() << ": " << err.GetMessage() << std::endl; } else { Aws::Vector<Aws::S3::Model::Grant> grants = outcome.GetResult().GetGrants(); for (auto it = grants.begin(); it != grants.end(); it++) { Aws::S3::Model::Grant grant = *it; Aws::S3::Model::Grantee grantee = grant.GetGrantee(); std::cout << "For bucket " << bucketName << ": " << std::endl << std::endl; if (grantee.TypeHasBeenSet()) { std::cout << "Type: " << getGranteeTypeString(grantee.GetType()) << std::endl; } if (grantee.DisplayNameHasBeenSet()) { std::cout << "Display name: " << grantee.GetDisplayName() << std::endl; } if (grantee.EmailAddressHasBeenSet()) { std::cout << "Email address: " << grantee.GetEmailAddress() << std::endl; } if (grantee.IDHasBeenSet()) { std::cout << "ID: " << grantee.GetID() << std::endl; } if (grantee.URIHasBeenSet()) { std::cout << "URI: " << grantee.GetURI() << std::endl; } std::cout << "Permission: " << getPermissionString(grant.GetPermission()) << std::endl << std::endl; } } return outcome.IsSuccess(); } //! Routine which converts a built-in type enumeration to a human-readable string. /*! \param type: Type enumeration. \return String: Human-readable string. */ Aws::String getGranteeTypeString(const Aws::S3::Model::Type &type) { switch (type) { case Aws::S3::Model::Type::AmazonCustomerByEmail: return "Email address of an AWS account"; case Aws::S3::Model::Type::CanonicalUser: return "Canonical user ID of an AWS account"; case Aws::S3::Model::Type::Group: return "Predefined Amazon S3 group"; case Aws::S3::Model::Type::NOT_SET: return "Not set"; default: return "Type unknown"; } } //! Routine which converts a built-in type enumeration to a human-readable string. /*! \param permission: Permission enumeration. \return String: Human-readable string. */ Aws::String getPermissionString(const Aws::S3::Model::Permission &permission) { switch (permission) { case Aws::S3::Model::Permission::FULL_CONTROL: return "Can list objects in this bucket, create/overwrite/delete " "objects in this bucket, and read/write this " "bucket's permissions"; case Aws::S3::Model::Permission::NOT_SET: return "Permission not set"; case Aws::S3::Model::Permission::READ: return "Can list objects in this bucket"; case Aws::S3::Model::Permission::READ_ACP: return "Can read this bucket's permissions"; case Aws::S3::Model::Permission::WRITE: return "Can create, overwrite, and delete objects in this bucket"; case Aws::S3::Model::Permission::WRITE_ACP: return "Can write this bucket's permissions"; default: return "Permission unknown"; } return "Permission unknown"; }
  • For API details, see GetBucketAcl in Amazon SDK for C++ API Reference.

CLI
Amazon CLI

The following command retrieves the access control list for a bucket named my-bucket:

<userinput>aws s3api get-bucket-acl --bucket <replaceable>my-bucket</replaceable></userinput>

Output:

{ "Owner": { "DisplayName": "my-username", "ID": "7009a8971cd538e11f6b6606438875e7c86c5b672f46db45460ddcd087d36c32" }, "Grants": [ { "Grantee": { "DisplayName": "my-username", "ID": "7009a8971cd538e11f6b6606438875e7c86c5b672f46db45460ddcd087d36c32" }, "Permission": "FULL_CONTROL" } ] }
  • For API details, see GetBucketAcl in Amazon CLI Command Reference.

Java
SDK for Java 2.x
Note

There's more on GitHub. Find the complete example and learn how to set up and run in the Amazon Code Examples Repository.

import software.amazon.awssdk.services.s3.model.S3Exception; import software.amazon.awssdk.regions.Region; import software.amazon.awssdk.services.s3.S3Client; import software.amazon.awssdk.services.s3.model.GetObjectAclRequest; import software.amazon.awssdk.services.s3.model.GetObjectAclResponse; import software.amazon.awssdk.services.s3.model.Grant; import java.util.List; /** * Before running this Java V2 code example, set up your development * environment, including your credentials. * * For more information, see the following documentation topic: * * https://docs.aws.amazon.com/sdk-for-java/latest/developer-guide/get-started.html */ public class GetAcl { public static void main(String[] args) { final String usage = """ Usage: <bucketName> <objectKey> Where: bucketName - The Amazon S3 bucket to get the access control list (ACL) for. objectKey - The object to get the ACL for.\s """; if (args.length != 2) { System.out.println(usage); System.exit(1); } String bucketName = args[0]; String objectKey = args[1]; System.out.println("Retrieving ACL for object: " + objectKey); System.out.println("in bucket: " + bucketName); Region region = Region.US_EAST_1; S3Client s3 = S3Client.builder() .region(region) .build(); getBucketACL(s3, objectKey, bucketName); s3.close(); System.out.println("Done!"); } public static String getBucketACL(S3Client s3, String objectKey, String bucketName) { try { GetObjectAclRequest aclReq = GetObjectAclRequest.builder() .bucket(bucketName) .key(objectKey) .build(); GetObjectAclResponse aclRes = s3.getObjectAcl(aclReq); List<Grant> grants = aclRes.grants(); String grantee = ""; for (Grant grant : grants) { System.out.format(" %s: %s\n", grant.grantee().id(), grant.permission()); grantee = grant.grantee().id(); } return grantee; } catch (S3Exception e) { System.err.println(e.awsErrorDetails().errorMessage()); System.exit(1); } return ""; } }
  • For API details, see GetBucketAcl in Amazon SDK for Java 2.x API Reference.

JavaScript
SDK for JavaScript (v3)
Note

There's more on GitHub. Find the complete example and learn how to set up and run in the Amazon Code Examples Repository.

Get the ACL permissions.

import { GetBucketAclCommand, S3Client } from "@aws-sdk/client-s3"; const client = new S3Client({}); export const main = async () => { const command = new GetBucketAclCommand({ Bucket: "test-bucket", }); try { const response = await client.send(command); console.log(response); } catch (err) { console.error(err); } };
Python
SDK for Python (Boto3)
Note

There's more on GitHub. Find the complete example and learn how to set up and run in the Amazon Code Examples Repository.

class BucketWrapper: """Encapsulates S3 bucket actions.""" def __init__(self, bucket): """ :param bucket: A Boto3 Bucket resource. This is a high-level resource in Boto3 that wraps bucket actions in a class-like structure. """ self.bucket = bucket self.name = bucket.name def get_acl(self): """ Get the ACL of the bucket. :return: The ACL of the bucket. """ try: acl = self.bucket.Acl() logger.info( "Got ACL for bucket %s. Owner is %s.", self.bucket.name, acl.owner ) except ClientError: logger.exception("Couldn't get ACL for bucket %s.", self.bucket.name) raise else: return acl
  • For API details, see GetBucketAcl in Amazon SDK for Python (Boto3) API Reference.

For a complete list of Amazon SDK developer guides and code examples, see Using this service with an Amazon SDK. This topic also includes information about getting started and details about previous SDK versions.