If you make a PutObject call and have Write permission to an S3::Bucket it will fail with 403 because it's missing PutObjectTagging see https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObject.html
Currently read+write permissions generate:
Allow: s3:GetObjectLegalHold
Allow: s3:GetObjectTorrent
Allow: s3:AbortMultipartUpload
Allow: s3:DeleteObject
Allow: s3:ListMultipartUploadParts
Allow: s3:RestoreObject
Allow: s3:GetObjectVersionTorrent
Allow: s3:GetObject
Allow: s3:ListBucketMultipartUploads
Allow: s3:PutObjectLegalHold
Allow: s3:DeleteObjectVersion
Allow: s3:PutObject
Allow: s3:GetObjectVersion
Allow: s3:GetObjectVersionForReplication
Allow: s3:GetObjectVersionAcl
Allow: s3:ListBucket
Allow: s3:GetObjectAcl
Allow: s3:GetObjectRetention
Allow: s3:PutObjectRetention
Allow: s3:ListBucketVersions
Tags on upload can be used with lifecycle rules to make it easy to expire object.
If you make a
PutObjectcall and haveWritepermission to anS3::Bucketit will fail with 403 because it's missingPutObjectTaggingsee https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObject.htmlCurrently read+write permissions generate:
Tags on upload can be used with lifecycle rules to make it easy to expire object.