Managing Bucket Policies

Overview of Bucket Policies

A JSON-based bucket policy can be attached to a view that has the S3 protocol enabled. It defines the actions that particular users and/or groups are allowed or denied to perform against this view and the files or directories under it.

Bucket policies can be managed by sending PutBucketPolicy, GetBucketPolicy and DeleteBucketPolicy requests to the VAST S3 API.

Creating a Bucket Policy

Bucket policies support a subset of the elements listed in Amazon's IAM JSON Policy Reference. For information about the required JSON format, supported elements and examples, see Identity and Bucket Policy Reference.

Bucket policies are created in the same format as identity policies, with the following exceptions:

  • You have to specify principals using the Principal element. The Principal element specifies the users or groups for which permissions are granted or denied.

  • A bucket policy cannot specify a resource where the prefix does not contain the bucket name.

  • A bucket policy cannot include the BucketCreate action.

A bucket policy can be up to 20 KB.
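
A pre-flight check for the constraints listed above, run before sending the policy. This is an added example, not VAST's own code. It assumes AWS-style `arn:aws:s3:::` resources and `s3:`-prefixed action names, reads 20 KB as 20 * 1024 bytes, and uses constructed bucket and principal names.

```python
import json

MAX_POLICY_BYTES = 20 * 1024   # assumption: "20 KB" means 20 * 1024 bytes
# The page names the action "BucketCreate"; the AWS-style spelling
# "CreateBucket" is also rejected here (assumption).
FORBIDDEN_ACTIONS = {"bucketcreate", "createbucket"}
ARN_PREFIX = "arn:aws:s3:::"   # assumption: AWS-style resource ARNs

def _as_list(value):
    """IAM-style JSON allows one value or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def check_bucket_policy(policy_text, bucket):
    """Return a list of problems; an empty list means every check passed."""
    problems = []
    if len(policy_text.encode("utf-8")) > MAX_POLICY_BYTES:
        problems.append("policy is larger than 20 KB")
    try:
        policy = json.loads(policy_text)
    except json.JSONDecodeError as exc:
        return problems + [f"invalid JSON: {exc.msg}"]
    statements = _as_list(policy.get("Statement")) if isinstance(policy, dict) else []
    if not statements:
        problems.append("no Statement element")
    for i, stmt in enumerate(statements):
        if not isinstance(stmt, dict):
            problems.append(f"statement {i}: not a JSON object")
            continue
        if not stmt.get("Principal"):
            problems.append(f"statement {i}: missing Principal")
        for action in _as_list(stmt.get("Action")):
            if str(action).split(":")[-1].lower() in FORBIDDEN_ACTIONS:
                problems.append(f"statement {i}: action {action} not allowed")
        for res in _as_list(stmt.get("Resource")):
            path = str(res).removeprefix(ARN_PREFIX)
            # Conservative: accept only the bucket itself or a path under it.
            if path != bucket and not path.startswith(bucket + "/"):
                problems.append(f"statement {i}: resource {res} outside {bucket}")
    return problems

# Constructed sample policy; principal, action and bucket names are made up.
SAMPLE = json.dumps({"Statement": [{
    "Effect": "Allow", "Principal": {"AWS": "example-user"},
    "Action": ["s3:GetObject", "s3:CreateBucket"],
    "Resource": ["arn:aws:s3:::reports/*", "arn:aws:s3:::reports-archive/*"]}]})

if __name__ == "__main__":
    for problem in check_bucket_policy(SAMPLE, "reports"):
        print(problem)
```

The sample is flagged twice: once for the bucket-creation action and once for `reports-archive/*`, which shares a name prefix with `reports` but is a different bucket.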

Attaching a Bucket Policy to a View

Only the bucket owner can attach a bucket policy to the view that exposes the bucket.

There can be only one bucket policy per view. Attaching a new bucket policy to a view will override the previous bucket policy.

The view that exposes the bucket must meet the following requirements:

  • The view has the S3 protocol enabled.

  • The view is controlled with the S3 Native security flavor (through the attached view policy).

  • The view does not have a bucket policy attached. (There can be only one bucket policy per view.)

To attach a bucket policy, send a PutBucketPolicy request to the VAST S3 API.

Viewing a Bucket Policy Attached to a View

To view the bucket policy configuration set for a view, send a GetBucketPolicy request to the VAST S3 API.

Deleting a Bucket Policy

To delete a bucket policy attached to a view, send a DeleteBucketPolicy request to the VAST S3 API.

The attached bucket policy is also deleted upon deletion of the view to which it is attached.