Viewing the Object Ownership setting for an S3 bucket
S3 Object Ownership is an Amazon S3 bucket-level setting that you can use to disable access control lists (ACLs) and take ownership of every object in your bucket, simplifying access management for data stored in Amazon S3. By default, S3 Object Ownership is set to the Bucket owner enforced setting, and ACLs are disabled for new buckets. With ACLs disabled, the bucket owner owns every object in the bucket and manages access to data exclusively by using access-management policies. We recommend that you keep ACLs disabled, except in unusual circumstances where you must control access for each object individually.
Object Ownership has three settings that you can use to control ownership of objects uploaded to your bucket and to disable or enable ACLs:
ACLs disabled
-
Bucket owner enforced (default) – ACLs are disabled, and the bucket owner automatically owns and has full control over every object in the bucket. ACLs no longer affect permissions to data in the S3 bucket. The bucket uses policies to define access control.
ACLs enabled
-
Bucket owner preferred – The bucket owner owns and has full control over new objects that other accounts write to the bucket with the
bucket-owner-full-control
canned ACL. -
Object writer – The Amazon Web Services account that uploads an object owns the object, has full control over it, and can grant other users access to it through ACLs.
You can view the S3 Object Ownership settings for an Amazon S3 bucket. To set Object Ownership for a new bucket, see Setting Object Ownership when you create a bucket. To set Object Ownership for an existing bucket, see Setting Object Ownership on an existing bucket.
Permissions: To use this operation, you must have the
s3:GetBucketOwnershipControls
permission. For more information about
Amazon S3 permissions, see
Actions, resources, and condition keys for Amazon S3 in the Service Authorization
Reference.
For more information about the permissions to S3 API operations by S3 resource types, see Required permissions for Amazon S3 API operations.
Sign in to the Amazon Web Services Management Console and open the Amazon S3 console at https://console.amazonaws.cn/s3/
. -
In the Buckets list, choose the name of the bucket that you want to apply an Object Ownership setting to.
-
Choose the Permissions tab.
-
Under Object Ownership, you can view the Object Ownership settings for your bucket.
To retrieve the S3 Object Ownership setting for an S3 bucket, use the get-bucket-ownership-controls
aws s3api get-bucket-ownership-controls --bucket
amzn-s3-demo-bucket
To retrieve the Object Ownership setting for an S3 bucket, use the
GetBucketOwnershipControls
API operation. For more information,
see GetBucketOwnershipControls.