Sub-User policy (only see and access his own bucket)

I use a policy for sub-user so that he can only access his bucket, but I need to know what policy to add that does not list the rest of the buckets that are not assigned to him.

Thanks and regards.



1 comment
  • Hi Jose, 

    Thank you for posting your question on our community forum. Many S3 applications have an automatic/hard-coded ListAllMyBuckets call that is initiated upon connection to S3. If you do not allow this permission (s3:ListAllMyBuckets) in IAM policies, you cannot see any buckets and observe an "Access Denied" error. You must allow ListAllMyBuckets since these applications (Wasabi Console, Veeam, ExpanDrive, etc.) will make this call automatically.  It's important to note that the s3:ListAllMyBuckets permission operates like an on/off switch - you cannot allow access to list only some buckets in the account - it must be either all of the buckets or none buckets (NOTE:  while users can list/view which buckets exist in the account, they cannot access (LIST/GET) any data from inside a bucket unless they have the necessary permissions to do so).

    LINK: How to separate access at a Bucket level?

    If you have further questions/concerns about setting this up, please reach out to us at

    Wasabi Technical Support


Please sign in to leave a comment.

Didn't find what you were looking for?

New post