AmazonS3FilesFullAccess AmazonS3FilesReadOnlyAccess AmazonS3FilesClientFullAccess AmazonS3FilesClientReadWriteAccess AmazonS3FilesClientReadOnlyAccess AmazonS3FilesCSIDriverPolicy AmazonElasticFileSystemUtils Policy updates

Amazon managed policies for Amazon S3 Files

An Amazon managed policy is a standalone policy that is created and administered by Amazon. Amazon managed policies are designed to provide permissions for many common use cases so that you can start assigning permissions to users, groups, and roles.

Keep in mind that Amazon managed policies might not grant least-privilege permissions for your specific use cases because they're available for all Amazon customers to use. We recommend that you reduce permissions further by defining customer managed policies that are specific to your use cases.

You cannot change the permissions defined in Amazon managed policies. If Amazon updates the permissions defined in an Amazon managed policy, the update affects all principal identities (users, groups, and roles) that the policy is attached to. Amazon is most likely to update an Amazon managed policy when a new Amazon Web Services service is launched or new API operations become available for existing services.

For more information, see Amazon managed policies in the IAM User Guide.

Amazon managed policy: AmazonS3FilesFullAccess

You can attach the AmazonS3FilesFullAccess policy to your IAM identities. This policy grants full access to Amazon S3 Files, including permissions to create and manage file systems, mount targets, and access points. For more information about this policy, see AmazonS3FilesFullAccess in the Amazon Managed Policy Reference.

Amazon managed policy: AmazonS3FilesReadOnlyAccess

You can attach the AmazonS3FilesReadOnlyAccess policy to your IAM identities. This policy grants read-only access to Amazon S3 Files, including permissions to view file systems, mount targets, access points, and related configurations. For more information about this policy, see AmazonS3FilesReadOnlyAccess in the Amazon Managed Policy Reference.

Amazon managed policy: AmazonS3FilesClientFullAccess

You can attach the AmazonS3FilesClientFullAccess policy to your IAM identities. This policy grants full client access to S3 Files file systems, including the ability to mount, read, write, and access files as the root user. For more information about this policy, see AmazonS3FilesClientFullAccess in the Amazon Managed Policy Reference.

Amazon managed policy: AmazonS3FilesClientReadWriteAccess

You can attach the AmazonS3FilesClientReadWriteAccess policy to your IAM identities. This policy grants read and write client access to S3 Files file systems, including the ability to mount, read, and write. This policy does not grant root access. For more information about this policy, see AmazonS3FilesClientReadWriteAccess in the Amazon Managed Policy Reference.

Amazon managed policy: AmazonS3FilesClientReadOnlyAccess

You can attach the AmazonS3FilesClientReadOnlyAccess policy to your IAM identities. This policy grants read-only client access to S3 Files file systems, including the ability to mount and read from the file system. For more information about this policy, see AmazonS3FilesClientReadOnlyAccess in the Amazon Managed Policy Reference.

Amazon managed policy: AmazonS3FilesCSIDriverPolicy

You can attach the AmazonS3FilesCSIDriverPolicy policy to your IAM identities. This policy grants permissions for the Amazon EFS Container Storage Interface (CSI) driver to manage S3 Files access points on behalf of Amazon EKS clusters. For more information about this policy, see AmazonS3FilesCSIDriverPolicy in the Amazon Managed Policy Reference.

Amazon managed policy: AmazonElasticFileSystemUtils

You can attach the AmazonElasticFileSystemUtils policy to your IAM identities. This policy grants permissions for the S3 Files client utilities (amazon-efs-utils) to perform operations such as describing mount targets, publishing CloudWatch metrics and logs, and communicating with Amazon Systems Manager. For more information about this policy, see AmazonElasticFileSystemUtils in the Amazon Managed Policy Reference.

Amazon S3 Files updates to Amazon managed policies

View details about updates to Amazon managed policies for Amazon S3 Files since S3 Files began tracking these changes.

Change	Description	Date
`AmazonElasticFileSystemUtils` — Updated	Added Amazon CloudWatch PutMetricData permissions to support publishing client connectivity metrics.	April 7, 2026
`AmazonS3FilesCSIDriverPolicy` — Added	New managed policy that grants permissions for the Amazon EFS CSI driver to manage S3 Files access points on behalf of Amazon EKS clusters.	April 7, 2026
`AmazonS3FilesClientReadOnlyAccess` — Added	New managed policy that grants read-only client access to S3 Files file systems.	April 7, 2026
`AmazonS3FilesClientReadWriteAccess` — Added	New managed policy that grants read and write client access to S3 Files file systems.	April 7, 2026
`AmazonS3FilesClientFullAccess` — Added	New managed policy that grants full client access to S3 Files file systems, including root access.	April 7, 2026
`AmazonS3FilesReadOnlyAccess` — Added	New managed policy that grants read-only access to S3 Files resources.	April 7, 2026
`AmazonS3FilesFullAccess` — Added	New managed policy that grants full access to S3 Files resources.	April 7, 2026
S3 Files started tracking changes	Amazon S3 Files started tracking changes for its Amazon managed policies.	April 7, 2026

Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

How S3 Files works with IAM

Metering