A bucket policy is attached to this bucket. Access is granted via both IAM and bucket policy rules.
{% else %}
IAM only
No bucket policy is attached. Access is controlled by IAM policies only.
{% endif %}
{% if can_edit_policy %}
{% set preset_choice = 'custom' %}
{% if not bucket_policy %}
{% set preset_choice = 'private' %}
{% elif bucket_policy_text and bucket_policy_text.strip() == default_policy.strip() %}
{% set preset_choice = 'public' %}
{% endif %}
{% else %}
You do not have permission to edit this policy.
{% endif %}
About Bucket Policies
Bucket policies are JSON-based access policy documents that specify who can access your bucket and under what conditions.
Policy Types
Private — No policy attached; only IAM users with explicit permissions can access.
Public Read — Anyone can read objects, but only authenticated users can write.
Custom — Fine-grained control using AWS IAM policy syntax.
Policy Elements
Effect — Allow or Deny
Principal — Who the policy applies to
Action — Which S3 operations
Resource — Bucket/object ARN
Versioning
{% if versioning_enabled %}
Versioning is enabled
All previous versions of objects are preserved. You can roll back accidental changes or deletions at any time.
{% else %}
Versioning is suspended
New object uploads overwrite existing objects. Enable versioning to preserve previous versions.
{% endif %}
{% if can_manage_versioning %}
{% else %}
You do not have permission to modify versioning for this bucket.
{% endif %}
{% if versioning_enabled %}
Archived Objects
0 items
Objects that have been deleted while versioning is enabled. Their previous versions remain available until you restore or purge them.
Key
Latest Version
Versions
Actions
No archived objects
{% endif %}
{% if encryption_enabled %}
Default Encryption
{% set enc_rules = encryption_config.get('Rules', []) %}
{% set enc_default = enc_rules[0].get('ApplyServerSideEncryptionByDefault', {}) if enc_rules else {} %}
{% set enc_algorithm = enc_default.get('SSEAlgorithm', '') %}
{% set enc_kms_key = enc_default.get('KMSMasterKeyID', '') %}
{% if enc_algorithm %}
Default encryption enabled
{% if enc_algorithm == 'aws:kms' %}
Objects are encrypted with AWS KMS (SSE-KMS).
{% if enc_kms_key %}Key: {{ enc_kms_key[:20] }}...{% endif %}
{% else %}
Objects are encrypted with AES-256 (SSE-S3).
{% endif %}
{% else %}
Default encryption disabled
Objects are stored without default encryption. You can enable server-side encryption below.
{% endif %}
{% if can_manage_encryption %}
{% else %}
You do not have permission to modify encryption settings for this bucket.
{% endif %}
{% endif %}
Storage Quota
{% set max_bytes = bucket_quota.get('max_bytes') %}
{% set max_objects = bucket_quota.get('max_objects') %}
{% set has_quota = max_bytes is not none or max_objects is not none %}
{% set current_objects = bucket_stats.get('objects', 0) %}
{% set version_count = bucket_stats.get('version_count', 0) %}
{% set total_objects = bucket_stats.get('total_objects', current_objects) %}
{% set current_bytes = bucket_stats.get('bytes', 0) %}
{% set version_bytes = bucket_stats.get('version_bytes', 0) %}
{% set total_bytes = bucket_stats.get('total_bytes', current_bytes) %}
Current Usage
{{ total_objects }}
Total Objects
{% if max_objects is not none %}
{% set obj_pct = (total_objects / max_objects * 100) | int if max_objects > 0 else 0 %}
{{ obj_pct }}% of {{ max_objects }} limit
{% else %}
No limit
{% endif %}
{% if version_count > 0 %}
({{ current_objects }} current + {{ version_count }} versions)
{% endif %}
{{ total_bytes | filesizeformat }}
Total Storage
{% if max_bytes is not none %}
{% set bytes_pct = (total_bytes / max_bytes * 100) | int if max_bytes > 0 else 0 %}
{{ bytes_pct }}% of {{ max_bytes | filesizeformat }} limit
{% if max_bytes is not none and max_objects is not none %}
Limited to {{ max_bytes | filesizeformat }} and {{ max_objects }} objects.
{% elif max_bytes is not none %}
Limited to {{ max_bytes | filesizeformat }} storage.
{% else %}
Limited to {{ max_objects }} objects.
{% endif %}
{% else %}
No storage quota
This bucket has no storage or object count limits. Set limits below to control usage.
{% endif %}
{% if can_manage_quota %}
{% else %}
You do not have permission to modify quota settings for this bucket.
{% endif %}
About Versioning
Versioning keeps multiple variants of an object in the same bucket. You can use versioning to preserve, retrieve, and restore every version of every object.
Benefits
Recovery — Restore accidentally deleted or overwritten objects
Audit Trail — Track changes to objects over time
Compliance — Meet retention requirements
How It Works
Each upload creates a new version
Deleting adds a "delete marker"
Previous versions remain accessible
Storage costs apply to all versions
{% if versioning_enabled %}
About Archives
When you delete an object with versioning enabled, S3 inserts a delete marker instead of removing the object. The archived versions remain in the bucket and can be restored at any time.
{% endif %}
{% if encryption_enabled %}
About Encryption
Server-side encryption protects data at rest. Objects are encrypted when stored and decrypted when retrieved.
SSE-KMS — KMS-managed keys with audit trail and key rotation
How It Works
New objects are encrypted using the default setting
Existing objects are not automatically re-encrypted
Decryption is transparent during download
{% endif %}
{% if can_manage_replication %}
Replication Configuration
{% if replication_rule and replication_rule.enabled %}
Replication Active —
{% if replication_rule.mode == 'all' %}
All objects (existing + new) are being replicated.
{% else %}
New uploads to this bucket are automatically replicated.
{% endif %}
Replication Endpoint Unreachable
The target endpoint is not responding. Replication is paused until the endpoint is available.