get-bucket-policy

Returns the policy of a specified bucket.

See also: GET Bucket Policy.

Synopsis

get-bucket-policy
  --bucket <value>
  [--cli-input-json <value>]

Options

--bucket (string)

--cli-input-json (string)

Operates a service or services based on the provided JSON string. If other arguments are provided on the command line, the CLI values override the JSON-provided values. You cannot pass arbitrary binary values using a JSON-provided value, because the string is taken literally.

Examples

The following command retrieves the bucket policy for a bucket named “my-bucket”:

$ aws s3api get-bucket-policy --bucket my-bucket

Output:

{
    "Policy": "{\"Version\":\"2008-10-17\",\"Statement\":[{\"Sid\":\"\",\"Effect\":\"Allow\",\"Principal\":\"*\",\"Action\":\"s3:GetObject\",\"Resource\":\"arn:aws:s3:::my-bucket/*\"},{\"Sid\":\"\",\"Effect\":\"Deny\",\"Principal\":\"*\",\"Action\":\"s3:GetObject\",\"Resource\":\"arn:aws:s3:::my-bucket/secret/*\"}]}"
}

Get and Put a Bucket Policy

The following example shows how you can download an S3 bucket policy, make modifications to the file, and then use put-bucket-policy to apply the modified bucket policy. To download the bucket policy to a file, you can run:

$ aws s3api get-bucket-policy --bucket mybucket --query Policy --output text > policy.json

You can then modify the policy.json file as needed. Finally you can apply this modified policy back to the S3 bucket by running:

$ aws s3api put-bucket-policy --bucket mybucket --policy file://policy.json

Output

Policy -> (string)

The bucket policy as a JSON document.