Maximum 10 tags. Keys and values up to 256 characters.
Versions
No preview available
Bucket Policy
{% if bucket_policy %}
Policy attached
A bucket policy is attached to this bucket. Access is granted via both IAM and bucket policy rules.
{% else %}
IAM only
No bucket policy is attached. Access is controlled by IAM policies only.
{% endif %}
{% if can_edit_policy %}
{% set preset_choice = 'custom' %}
{% if not bucket_policy %}
{% set preset_choice = 'private' %}
{% elif bucket_policy_text and bucket_policy_text.strip() == default_policy.strip() %}
{% set preset_choice = 'public' %}
{% endif %}
{% else %}
You do not have permission to edit this policy.
{% endif %}
About Bucket Policies
Bucket policies are JSON-based access policy documents that specify who can access your bucket and under what conditions.
Policy Types
Private — No policy attached; only IAM users with explicit permissions can access.
Public Read — Anyone can read objects, but only authenticated users can write.
Custom — Fine-grained control using AWS IAM policy syntax.
Policy Elements
Effect — Allow or Deny
Principal — Who the policy applies to
Action — Which S3 operations
Resource — Bucket/object ARN
Access Control List (ACL)
Loading ACL...
{% if can_edit_policy %}
{% endif %}
About ACLs
Access Control Lists define who can access your bucket and what they can do.
Canned ACLs
private — Owner only
public-read — Anyone can read
authenticated-read — Authenticated users can read
Versioning
{% if versioning_enabled %}
Versioning is enabled
All previous versions of objects are preserved. You can roll back accidental changes or deletions at any time.
{% else %}
Versioning is suspended
New object uploads overwrite existing objects. Enable versioning to preserve previous versions.
{% endif %}
{% if can_manage_versioning %}
{% else %}
You do not have permission to modify versioning for this bucket.
{% endif %}
{% if versioning_enabled %}
Archived Objects
0 items
Objects that have been deleted while versioning is enabled. Their previous versions remain available until you restore or purge them.
Key
Latest Version
Versions
Actions
No archived objects
{% endif %}
{% if encryption_enabled %}
Default Encryption
{% set enc_rules = encryption_config.get('Rules', []) %}
{% set enc_default = enc_rules[0].get('ApplyServerSideEncryptionByDefault', {}) if enc_rules else {} %}
{% set enc_algorithm = enc_default.get('SSEAlgorithm', '') %}
{% set enc_kms_key = enc_default.get('KMSMasterKeyID', '') %}
{% if enc_algorithm %}
Default encryption enabled
{% if enc_algorithm == 'aws:kms' %}
Objects are encrypted with AWS KMS (SSE-KMS).
{% if enc_kms_key %}Key: {{ enc_kms_key[:20] }}...{% endif %}
{% else %}
Objects are encrypted with AES-256 (SSE-S3).
{% endif %}
{% else %}
Default encryption disabled
Objects are stored without default encryption. You can enable server-side encryption below.
{% endif %}
{% if can_manage_encryption %}
{% else %}
You do not have permission to modify encryption settings for this bucket.
{% endif %}
{% endif %}
Storage Quota
{% set max_bytes = bucket_quota.get('max_bytes') %}
{% set max_objects = bucket_quota.get('max_objects') %}
{% set has_quota = max_bytes is not none or max_objects is not none %}
{% set current_objects = bucket_stats.get('objects', 0) %}
{% set version_count = bucket_stats.get('version_count', 0) %}
{% set total_objects = bucket_stats.get('total_objects', current_objects) %}
{% set current_bytes = bucket_stats.get('bytes', 0) %}
{% set version_bytes = bucket_stats.get('version_bytes', 0) %}
{% set total_bytes = bucket_stats.get('total_bytes', current_bytes) %}
Current Usage
{{ total_objects }}
Total Objects
{% if max_objects is not none %}
{% set obj_pct = (total_objects / max_objects * 100) | int if max_objects > 0 else 0 %}
{{ obj_pct }}% of {{ max_objects }} limit
{% else %}
No limit
{% endif %}
{% if version_count > 0 %}
({{ current_objects }} current + {{ version_count }} versions)
{% endif %}
{{ total_bytes | filesizeformat }}
Total Storage
{% if max_bytes is not none %}
{% set bytes_pct = (total_bytes / max_bytes * 100) | int if max_bytes > 0 else 0 %}
{{ bytes_pct }}% of {{ max_bytes | filesizeformat }} limit
{% if max_bytes is not none and max_objects is not none %}
Limited to {{ max_bytes | filesizeformat }} and {{ max_objects }} objects.
{% elif max_bytes is not none %}
Limited to {{ max_bytes | filesizeformat }} storage.
{% else %}
Limited to {{ max_objects }} objects.
{% endif %}
{% else %}
No storage quota
This bucket has no storage or object count limits. Set limits below to control usage.
{% endif %}
{% if can_manage_quota %}
{% else %}
You do not have permission to modify quota settings for this bucket.
{% endif %}
About Versioning
Versioning keeps multiple variants of an object in the same bucket. You can use versioning to preserve, retrieve, and restore every version of every object.
Benefits
Recovery — Restore accidentally deleted or overwritten objects
Audit Trail — Track changes to objects over time
Compliance — Meet retention requirements
How It Works
Each upload creates a new version
Deleting adds a "delete marker"
Previous versions remain accessible
Storage costs apply to all versions
{% if versioning_enabled %}
About Archives
When you delete an object with versioning enabled, S3 inserts a delete marker instead of removing the object. The archived versions remain in the bucket and can be restored at any time.
{% endif %}
{% if encryption_enabled %}
About Encryption
Server-side encryption protects data at rest. Objects are encrypted when stored and decrypted when retrieved.
SSE-KMS — KMS-managed keys with audit trail and key rotation
How It Works
New objects are encrypted using the default setting
Existing objects are not automatically re-encrypted
Decryption is transparent during download
{% endif %}
{% if can_manage_replication %}
Replication Configuration
{% if replication_rule and replication_rule.enabled %}
Replication Active —
{% if replication_rule.mode == 'all' %}
All objects (existing + new) are being replicated.
{% else %}
New uploads to this bucket are automatically replicated.
{% endif %}
Replication Endpoint Unreachable
The target endpoint is not responding. Replication is paused until the endpoint is available.
Choose to replicate new uploads only or all objects (including existing).
All changes sync — uploads, updates, and deletes are replicated.
Replication happens asynchronously in the background.
Ensure credentials have write permissions on target bucket.
{% endif %}
{% if can_edit_policy %}
Lifecycle Rules
Lifecycle rules automatically delete objects or abort multipart uploads after a specified number of days.
ID
Prefix
Status
Expiration
Noncurrent
Actions
Loading...
What are Lifecycle Rules?
Lifecycle rules automate object management by scheduling actions based on object age. This helps reduce storage costs and manage data retention automatically.
Tip: Use lifecycle rules to automatically clean up temporary files, logs, or expired content.
Available Actions
Expiration
Delete current version objects after N days from creation
Noncurrent Expiration
Delete old versions N days after becoming noncurrent (requires versioning)
Abort Multipart
Clean up incomplete multipart uploads after N days
CORS Configuration
CORS rules define which external websites can access your bucket. Required for web apps making direct browser requests.
Origins
Methods
Headers
Max Age
Actions
Loading...
What is CORS?
CORS (Cross-Origin Resource Sharing) is a browser security feature that controls which websites can access your bucket data via JavaScript. Without CORS rules, browsers block cross-origin requests.
When needed: Configure CORS if your web app fetches files directly from this bucket (e.g., loading images, JSON, or downloading files via JavaScript).
Configuration Fields
Allowed Origins
Domains that can make requests (e.g., https://myapp.com or * for all)
Allowed Methods
HTTP methods permitted (GET, PUT, POST, DELETE, HEAD)
Allowed Headers
Request headers the browser may send (e.g., Content-Type, Authorization)
Max Age (seconds)
How long browsers cache preflight responses (default: 0)