Get the ACL of an Amazon S3 bucket using an Amazon SDK - Amazon Simple Storage Service
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China.

Get the ACL of an Amazon S3 bucket using an Amazon SDK

The following code examples show how to get the access control list (ACL) of an S3 bucket.

Go
SDK for Go V2
Note

There's more on GitHub. Find the complete example and learn how to set up and run in the Amazon Code Examples Repository.

package main import ( "context" "flag" "fmt" "github.com/aws/aws-sdk-go-v2/config" "github.com/aws/aws-sdk-go-v2/service/s3" ) // S3GetBucketAclAPI defines the interface for the GetBucketAcl function. // We use this interface to test the function using a mocked service. type S3GetBucketAclAPI interface { GetBucketAcl(ctx context.Context, params *s3.GetBucketAclInput, optFns ...func(*s3.Options)) (*s3.GetBucketAclOutput, error) } // FindBucketAcl retrieves the access control list (ACL) for an Amazon Simple Storage Service (Amazon S3) bucket. // Inputs: // c is the context of the method call, which includes the AWS Region // api is the interface that defines the method call // input defines the input arguments to the service call. // Output: // If success, a GetBucketAclOutput object containing the result of the service call and nil // Otherwise, nil and an error from the call to GetBucketAcl func FindBucketAcl(c context.Context, api S3GetBucketAclAPI, input *s3.GetBucketAclInput) (*s3.GetBucketAclOutput, error) { return api.GetBucketAcl(c, input) } func main() { bucket := flag.String("b", "", "The bucket for which the ACL is returned") flag.Parse() if *bucket == "" { fmt.Println("You must supply a bucket name (-b BUCKET)") return } cfg, err := config.LoadDefaultConfig(context.TODO()) if err != nil { panic("configuration error, " + err.Error()) } client := s3.NewFromConfig(cfg) input := &s3.GetBucketAclInput{ Bucket: bucket, } result, err := FindBucketAcl(context.TODO(), client, input) if err != nil { fmt.Println("Got an error retrieving ACL for " + *bucket) return } fmt.Println("Owner:", *result.Owner.DisplayName) fmt.Println("") fmt.Println("Grants") for _, g := range result.Grants { // If we add a canned ACL, the name is nil if g.Grantee.DisplayName == nil { fmt.Println(" Grantee: EVERYONE") } else { fmt.Println(" Grantee: ", *g.Grantee.DisplayName) } fmt.Println(" Type: ", string(g.Grantee.Type)) fmt.Println(" Permission:", string(g.Permission)) fmt.Println("") } }
  • For API details, see GetBucketAcl in Amazon SDK for Go API Reference.

Java
SDK for Java 2.x
Note

There's more on GitHub. Find the complete example and learn how to set up and run in the Amazon Code Examples Repository.

public static String getBucketACL(S3Client s3, String objectKey,String bucketName) { try { GetObjectAclRequest aclReq = GetObjectAclRequest.builder() .bucket(bucketName) .key(objectKey) .build(); GetObjectAclResponse aclRes = s3.getObjectAcl(aclReq); List<Grant> grants = aclRes.grants(); String grantee = ""; for (Grant grant : grants) { System.out.format(" %s: %s\n", grant.grantee().id(), grant.permission()); grantee = grant.grantee().id(); } return grantee; } catch (S3Exception e) { System.err.println(e.awsErrorDetails().errorMessage()); System.exit(1); } return ""; }
  • For API details, see GetBucketAcl in Amazon SDK for Java 2.x API Reference.

JavaScript
SDK for JavaScript V3
Note

There's more on GitHub. Find the complete example and learn how to set up and run in the Amazon Code Examples Repository.

Create the client.

// Create service client module using ES6 syntax. import { S3Client } from "@aws-sdk/client-s3"; // Set the AWS Region. const REGION = "us-east-1"; // Create an Amazon S3 service client object. const s3Client = new S3Client({ region: REGION }); export { s3Client };

Get the ACL permissions.

// Import required AWS SDK clients and commands for Node.js. import { GetBucketAclCommand } from "@aws-sdk/client-s3"; import { s3Client } from "./libs/s3Client.js"; // Helper function that creates an Amazon S3 service client module. // Create the parameters. export const bucketParams = { Bucket: "BUCKET_NAME" }; export const run = async () => { try { const data = await s3Client.send(new GetBucketAclCommand(bucketParams)); console.log("Success", data.Grants); return data; // For unit tests. } catch (err) { console.log("Error", err); } }; run();
Python
SDK for Python (Boto3)
Note

There's more on GitHub. Find the complete example and learn how to set up and run in the Amazon Code Examples Repository.

class BucketWrapper: """Encapsulates S3 bucket actions.""" def __init__(self, bucket): """ :param bucket: A Boto3 Bucket resource. This is a high-level resource in Boto3 that wraps bucket actions in a class-like structure. """ self.bucket = bucket self.name = bucket.name def get_acl(self): """ Get the ACL of the bucket. :return: The ACL of the bucket. """ try: acl = self.bucket.Acl() logger.info( "Got ACL for bucket %s. Owner is %s.", self.bucket.name, acl.owner) except ClientError: logger.exception("Couldn't get ACL for bucket %s.", self.bucket.name) raise else: return acl
  • For API details, see GetBucketAcl in Amazon SDK for Python (Boto3) API Reference.

For a complete list of Amazon SDK developer guides and code examples, see Using this service with an Amazon SDK. This topic also includes information about getting started and details about previous SDK versions.