Menu
Amazon Simple Storage Service
Developer Guide (API Version 2006-03-01)

Multipart Upload API and Permissions

An individual must have the necessary permissions to use the multipart upload operations. You can use ACLs, the bucket policy, or the user policy to grant individuals permissions to perform these operations. The following table lists the required permissions for various multipart upload operations when using ACLs, bucket policy, or the user policy.

ActionRequired Permissions

Initiate Multipart Upload

You must be allowed to perform the s3:PutObject action on an object to initiate multipart upload.

The bucket owner can allow other principals to perform the s3:PutObject action.

Initiator

Container element that identifies who initiated the multipart upload. If the initiator is an AWS account, this element provides the same information as the Owner element. If the initiator is an IAM User, this element provides the user ARN and display name.

Upload Part

You must be allowed to perform the s3:PutObject action on an object to upload a part.

Only the initiator of a multipart upload can upload parts. The bucket owner must allow the initiator to perform the s3:PutObject action on an object in order for the initiator to upload a part for that object.

Upload Part (Copy)

You must be allowed to perform the s3:PutObject action on an object to upload a part. Because your are uploading a part from an existing object, you must be allowed s3:GetObject on the source object.

Only the initiator of a multipart upload can upload parts. The bucket owner must allow the initiator to perform the s3:PutObject action on an object in order for the initiator to upload a part for that object.

Complete Multipart Upload

You must be allowed to perform the s3:PutObject action on an object to complete a multipart upload.

Only the initiator of a multipart upload can complete that multipart upload. The bucket owner must allow the initiator to perform the s3:PutObject action on an object in order for the initiator to complete a multipart upload for that object.

Abort Multipart Upload

You must be allowed to perform the s3:AbortMultipartUpload action to abort a multipart upload.

By default, the bucket owner and the initiator of the multipart upload are allowed to perform this action. If the initiator is an IAM user, that user's AWS account is also allowed to abort that multipart upload.

In addition to these defaults, the bucket owner can allow other principals to perform the s3:AbortMultipartUpload action on an object. The bucket owner can deny any principal the ability to perform the s3:AbortMultipartUpload action.

List Parts

You must be allowed to perform the s3:ListMultipartUploadParts action to list parts in a multipart upload.

By default, the bucket owner has permission to list parts for any multipart upload to the bucket. The initiator of the multipart upload has the permission to list parts of the specific multipart upload. If the multipart upload initiator is an IAM user, the AWS account controlling that IAM user also has permission to list parts of that upload.

In addition to these defaults, the bucket owner can allow other principals to perform the s3:ListMultipartUploadParts action on an object. The bucket owner can also deny any principal the ability to perform the s3:ListMultipartUploadParts action.

List Multipart Uploads

You must be allowed to perform the s3:ListBucketMultipartUploads action on a bucket to list multipart uploads in progress to that bucket.

In addition to the default, the bucket owner can allow other principals to perform the s3:ListBucketMultipartUploads action on the bucket.

For information on the relationship between ACL permissions and permissions in access policies, see Mapping of ACL Permissions and Access Policy Permissions. For information on IAM users, go to Working with Users and Groups.