What are the default policies available in the Wasabi Console?


By default, the Wasabi Console provides customers with default policies ready to use. These policies achieve different security permissions that can be also combined.

In order to check what permissions each policy allow or deny, you can enter the policy editor (by clicking on the policy name) as shown in the following screenshot:


Here is the list of the default policies provided by the console on the account creation:

  • AmazonS3FullAccess: Allow all S3 actions on all the objects/buckets
  • AmazonS3ReadOnlyAccess: Allow all S3 read actions (s3:Get* and s3:List*)
  • AdministratorAccess: Allow all actions on all the resources
  • WasabiReadOnlyAccess: Allow all S3 read action and ("iam:Get*", "iam:List*", "iam:ChangePassword", "iam:*MFA*", "sts:Get*")
  • WasabiWriteOnlyAccess: Allow "s3:PutObject" and "s3:AbortMultipartUpload"
  • WasabiFullAccess: Allow all S3 actions, all IAM actions, and STS actions
  • WasabiAdministratorAccess: Allow all actions on all the resources
  • IAMUserChangePassword: Allow "iam:ChangePassword" and "iam:GetAccountPasswordPolicy"
  • WasabiViewBillingAccess: Allow "aws-portal:ViewBilling" that enables the user to access the billing portal in read only mode
  • WasabiModifyBillingAccess: Allow "aws-portal:ModifyBilling" that enables the user to edit the billing information on the account.

In order to list all the available actions in Wasabi, you can check the policy generator in the Wasabi Console.








Have more questions? Submit a request