Grant list permissions to all S3 buckets without seeing the content

Hi! Is there a way to grant list permissions to all S3 buckets w/o seeing the content of them?

List object names is ListBucket getting the content of objects is GetObject

So if I grant only ListBucket should work, right?

That’s right, and remember the Resource is the bucket, without the key prefix

I’ll testing right now. Thanks!

Np, that one is a little weird because it’s one of the rare places the IAM permission name (ListBuckets) doesn’t align with the API method name (ListObjectsV2)

It sounds like you are actually looking for ListAllMyBuckets https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazons3.html

ListBucket is the contents of a bucket

Oh, yes I could have been confused by the wording. You are looking to see a list of all S3 buckets in the account? Or to see the names of the objects inside the buckets?

List to see all buckets but not the content of them if possible

Ah, sorry, then you want what conzy said

Can you please help me why is this happening?

You are almost there……

The link I posted above shows what resources are valid for a given action

If you are using ListAllMyBuckets the resource must be *

And if you include ListBucket like you have then principals will be able to list bucket contents

Which is what you didnt want

Thank you! I reviewed and remove ListBucket permission and used ListAllMyBuckets

    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": [
                "s3:GetBucketPolicy",
                "s3:GetBucketPolicyStatus",
                "s3:ListAllMyBuckets"
            ],
            "Effect": "Allow",
            "Resource": "arn:aws:s3:::*"
        }
    ]
}```

I used aws cli and I was able to list the buckets and their policies but couldn’t get the content of the buckets