Overview of Bucket Policies
A JSON-based bucket policy can be attached to a view that has the S3 security flavor enabled, for the NFSv3, NFSv2, S3, and SMB protocols. It defines the actions that particular users and/or groups are allowed or denied to perform against this view and against the files or directories under it.
Bucket policies can be managed by sending PutBucketPolicy, GetBucketPolicy and DeleteBucketPolicy requests to the VAST S3 API.
Creating a Bucket Policy
Bucket policies support a subset of the elements listed in Amazon's IAM JSON Policy Reference. For information about the required JSON format, supported elements and examples, see Identity and Bucket Policy Reference.
Bucket policies are created in the same format as identity policies, with the following exceptions:
You have to specify principals using the Principal element. The Principal element specifies the users, groups, or IAM roles for which permissions are granted or denied.
A bucket policy cannot specify a resource where the prefix does not contain the bucket name.
A bucket policy cannot include the BucketCreate action.
A bucket policy can be up to 20 KB.
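The four exceptions above can be checked locally before a policy is sent with PutBucketPolicy. The following linter is an added example, not VAST code: the function names, the Amazon-style arn:aws:s3::: resource form, the reading of 20 KB as 20480 bytes, and the sample policy (including its principal value) are assumptions made for illustration.

```python
import json

MAX_POLICY_BYTES = 20 * 1024   # assumption: "20 KB" read as 20480 bytes of UTF-8 JSON
ARN_PREFIX = "arn:aws:s3:::"   # assumption: resources use the Amazon S3 ARN form


def as_list(value):
    """IAM-style elements may be a single string or a list of strings."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def lint_bucket_policy(policy_text, bucket):
    """Return a list of findings; an empty list means no documented limit is violated."""
    findings = []
    if len(policy_text.encode("utf-8")) > MAX_POLICY_BYTES:
        findings.append("policy is larger than 20 KB")
    try:
        policy = json.loads(policy_text)
    except json.JSONDecodeError as exc:
        return findings + [f"not valid JSON: {exc.msg}"]
    if not isinstance(policy, dict):
        return findings + ["policy must be a JSON object"]
    for i, stmt in enumerate(as_list(policy.get("Statement"))):
        if not isinstance(stmt, dict):
            findings.append(f"statement {i}: not a JSON object")
            continue
        if "Principal" not in stmt:
            findings.append(f"statement {i}: missing Principal element")
        for action in as_list(stmt.get("Action")):
            # Compare the name after any "service:" prefix, spelled as on this page.
            if str(action).split(":")[-1].lower() == "bucketcreate":
                findings.append(f"statement {i}: BucketCreate is not allowed")
        for resource in as_list(stmt.get("Resource")):
            path = resource[len(ARN_PREFIX):] if resource.startswith(ARN_PREFIX) else resource
            # "logs-archive/*" must not pass for bucket "logs", so require an exact
            # match or a "/" right after the bucket name.
            if path != bucket and not path.startswith(bucket + "/"):
                findings.append(f"statement {i}: resource {resource!r} is outside bucket {bucket!r}")
    return findings


# Constructed sample: statement 0 breaks three rules, statement 1 is clean.
SAMPLE = json.dumps({"Statement": [
    {"Effect": "Allow", "Action": ["s3:GetObject", "s3:BucketCreate"],
     "Resource": "arn:aws:s3:::logs-archive/*"},
    {"Effect": "Allow", "Principal": {"AWS": ["example-user"]}, "Action": "s3:GetObject",
     "Resource": ["arn:aws:s3:::logs", "arn:aws:s3:::logs/*"]},
]})

if __name__ == "__main__":
    print("\n".join(lint_bucket_policy(SAMPLE, "logs")))
```

The check does not expand wildcard actions, so a pattern that would match BucketCreate is not reported.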
Attaching a Bucket Policy to a View
Only the bucket owner can attach a bucket policy to the view that exposes the bucket.
There can be only one bucket policy per view. Attaching a new bucket policy to a view will override the previous bucket policy.
The view that exposes the bucket must meet the following requirements:
The view has the S3 protocol enabled.
The view is controlled with the S3 Native security flavor (through the attached view policy).
To attach a bucket policy, send a PutBucketPolicy request to the VAST S3 API.
Viewing a Bucket Policy Attached to a View
To view the bucket policy configuration set for a view, send a GetBucketPolicy request to the VAST S3 API.
Deleting a Bucket Policy
To delete a bucket policy attached to a view, send a DeleteBucketPolicy request to the VAST S3 API.
The attached bucket policy is also deleted upon deletion of the view to which it is attached.