# Use `GetBucketAcl` with an AWS SDK or CLI The following code examples show how to use `GetBucketAcl`. Action examples are code excerpts from larger programs and must be run in context. You can see this action in context in the following code examples: + [Check if a bucket exists](s3_example_s3_Scenario_DoesBucketExist_section.md) + [Manage access control lists (ACLs)](s3_example_s3_Scenario_ManageACLs_section.md) ------ #### [ .NET ] **SDK for .NET** There's more on GitHub. Find the complete example and learn how to set up and run in the [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/dotnetv3/S3#code-examples). ``` ///

/// Get the access control list (ACL) for the new bucket. ///

/// The initialized client object used to get the /// access control list (ACL) of the bucket. /// The name of the newly created bucket. /// An S3AccessControlList. public static async Task GetACLForBucketAsync(IAmazonS3 client, string newBucketName) { // Retrieve bucket ACL to show that the ACL was properly applied to // the new bucket. GetACLResponse getACLResponse = await client.GetACLAsync(new GetACLRequest { BucketName = newBucketName, }); return getACLResponse.AccessControlList; } ``` + For API details, see [GetBucketAcl](https://docs.aws.amazon.com/goto/DotNetSDKV3/s3-2006-03-01/GetBucketAcl) in *AWS SDK for .NET API Reference*. ------ #### [ C\$1\$1 ] **SDK for C\$1\$1** There's more on GitHub. Find the complete example and learn how to set up and run in the [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/cpp/example_code/s3#code-examples). ``` bool AwsDoc::S3::getBucketAcl(const Aws::String &bucketName, const Aws::S3::S3ClientConfiguration &clientConfig) { Aws::S3::S3Client s3Client(clientConfig); Aws::S3::Model::GetBucketAclRequest request; request.SetBucket(bucketName); Aws::S3::Model::GetBucketAclOutcome outcome = s3Client.GetBucketAcl(request); if (!outcome.IsSuccess()) { const Aws::S3::S3Error &err = outcome.GetError(); std::cerr << "Error: getBucketAcl: " << err.GetExceptionName() << ": " << err.GetMessage() << std::endl; } else { Aws::Vector grants = outcome.GetResult().GetGrants(); for (auto it = grants.begin(); it != grants.end(); it++) { Aws::S3::Model::Grant grant = *it; Aws::S3::Model::Grantee grantee = grant.GetGrantee(); std::cout << "For bucket " << bucketName << ": " << std::endl << std::endl; if (grantee.TypeHasBeenSet()) { std::cout << "Type: " << getGranteeTypeString(grantee.GetType()) << std::endl; } if (grantee.DisplayNameHasBeenSet()) { std::cout << "Display name: " << grantee.GetDisplayName() << std::endl; } if (grantee.EmailAddressHasBeenSet()) { std::cout << "Email address: " << grantee.GetEmailAddress() << std::endl; } if (grantee.IDHasBeenSet()) { std::cout << "ID: " << grantee.GetID() << std::endl; } if (grantee.URIHasBeenSet()) { std::cout << "URI: " << grantee.GetURI() << std::endl; } std::cout << "Permission: " << getPermissionString(grant.GetPermission()) << std::endl << std::endl; } } return outcome.IsSuccess(); } //! Routine which converts a built-in type enumeration to a human-readable string. /*! \param type: Type enumeration. \return String: Human-readable string. */ Aws::String getGranteeTypeString(const Aws::S3::Model::Type &type) { switch (type) { case Aws::S3::Model::Type::AmazonCustomerByEmail: return "Email address of an AWS account"; case Aws::S3::Model::Type::CanonicalUser: return "Canonical user ID of an AWS account"; case Aws::S3::Model::Type::Group: return "Predefined Amazon S3 group"; case Aws::S3::Model::Type::NOT_SET: return "Not set"; default: return "Type unknown"; } } //! Routine which converts a built-in type enumeration to a human-readable string. /*! \param permission: Permission enumeration. \return String: Human-readable string. */ Aws::String getPermissionString(const Aws::S3::Model::Permission &permission) { switch (permission) { case Aws::S3::Model::Permission::FULL_CONTROL: return "Can list objects in this bucket, create/overwrite/delete " "objects in this bucket, and read/write this " "bucket's permissions"; case Aws::S3::Model::Permission::NOT_SET: return "Permission not set"; case Aws::S3::Model::Permission::READ: return "Can list objects in this bucket"; case Aws::S3::Model::Permission::READ_ACP: return "Can read this bucket's permissions"; case Aws::S3::Model::Permission::WRITE: return "Can create, overwrite, and delete objects in this bucket"; case Aws::S3::Model::Permission::WRITE_ACP: return "Can write this bucket's permissions"; default: return "Permission unknown"; } return "Permission unknown"; } ``` + For API details, see [GetBucketAcl](https://docs.aws.amazon.com/goto/SdkForCpp/s3-2006-03-01/GetBucketAcl) in *AWS SDK for C\$1\$1 API Reference*. ------ #### [ CLI ] **AWS CLI** The following command retrieves the access control list for a bucket named `amzn-s3-demo-bucket`: ``` aws s3api get-bucket-acl --bucket amzn-s3-demo-bucket ``` Output: ``` { "Owner": { "DisplayName": "my-username", "ID": "7009a8971cd538e11f6b6606438875e7c86c5b672f46db45460ddcd087d36c32" }, "Grants": [ { "Grantee": { "DisplayName": "my-username", "ID": "7009a8971cd538e11f6b6606438875e7c86c5b672f46db45460ddcd087d36c32" }, "Permission": "FULL_CONTROL" } ] } ``` + For API details, see [GetBucketAcl](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/s3api/get-bucket-acl.html) in *AWS CLI Command Reference*. ------ #### [ Java ] **SDK for Java 2.x** There's more on GitHub. Find the complete example and learn how to set up and run in the [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javav2/example_code/s3#code-examples). ``` import software.amazon.awssdk.services.s3.model.S3Exception; import software.amazon.awssdk.regions.Region; import software.amazon.awssdk.services.s3.S3Client; import software.amazon.awssdk.services.s3.model.GetObjectAclRequest; import software.amazon.awssdk.services.s3.model.GetObjectAclResponse; import software.amazon.awssdk.services.s3.model.Grant; import java.util.List; /** * Before running this Java V2 code example, set up your development * environment, including your credentials. *

* For more information, see the following documentation topic: *

* https://docs.aws.amazon.com/sdk-for-java/latest/developer-guide/get-started.html */ public class GetAcl { public static void main(String[] args) { final String usage = """ Usage: Where: bucketName - The Amazon S3 bucket to get the access control list (ACL) for. objectKey - The object to get the ACL for.\s """; if (args.length != 2) { System.out.println(usage); System.exit(1); } String bucketName = args[0]; String objectKey = args[1]; System.out.println("Retrieving ACL for object: " + objectKey); System.out.println("in bucket: " + bucketName); Region region = Region.US_EAST_1; S3Client s3 = S3Client.builder() .region(region) .build(); getBucketACL(s3, objectKey, bucketName); s3.close(); System.out.println("Done!"); } /** * Retrieves the Access Control List (ACL) for an object in an Amazon S3 bucket. * * @param s3 The S3Client object used to interact with the Amazon S3 service. * @param objectKey The key of the object for which the ACL is to be retrieved. * @param bucketName The name of the bucket containing the object. * @return The ID of the grantee who has permission on the object, or an empty string if an error occurs. */ public static String getBucketACL(S3Client s3, String objectKey, String bucketName) { try { GetObjectAclRequest aclReq = GetObjectAclRequest.builder() .bucket(bucketName) .key(objectKey) .build(); GetObjectAclResponse aclRes = s3.getObjectAcl(aclReq); List grants = aclRes.grants(); String grantee = ""; for (Grant grant : grants) { System.out.format(" %s: %s\n", grant.grantee().id(), grant.permission()); grantee = grant.grantee().id(); } return grantee; } catch (S3Exception e) { System.err.println(e.awsErrorDetails().errorMessage()); System.exit(1); } return ""; } } ``` + For API details, see [GetBucketAcl](https://docs.aws.amazon.com/goto/SdkForJavaV2/s3-2006-03-01/GetBucketAcl) in *AWS SDK for Java 2.x API Reference*. ------ #### [ JavaScript ] **SDK for JavaScript (v3)** There's more on GitHub. Find the complete example and learn how to set up and run in the [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javascriptv3/example_code/s3#code-examples). Get the ACL permissions. ``` import { GetBucketAclCommand, S3Client, S3ServiceException, } from "@aws-sdk/client-s3"; /** * Retrieves the Access Control List (ACL) for an S3 bucket. * @param {{ bucketName: string }} */ export const main = async ({ bucketName }) => { const client = new S3Client({}); try { const response = await client.send( new GetBucketAclCommand({ Bucket: bucketName, }), ); console.log(`ACL for bucket "${bucketName}":`); console.log(JSON.stringify(response, null, 2)); } catch (caught) { if ( caught instanceof S3ServiceException && caught.name === "NoSuchBucket" ) { console.error( `Error from S3 while getting ACL for ${bucketName}. The bucket doesn't exist.`, ); } else if (caught instanceof S3ServiceException) { console.error( `Error from S3 while getting ACL for ${bucketName}. ${caught.name}: ${caught.message}`, ); } else { throw caught; } } }; ``` + For more information, see [AWS SDK for JavaScript Developer Guide](https://docs.aws.amazon.com/sdk-for-javascript/v3/developer-guide/s3-example-access-permissions.html#s3-example-access-permissions-get-acl). + For API details, see [GetBucketAcl](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/s3/command/GetBucketAclCommand) in *AWS SDK for JavaScript API Reference*. ------ #### [ PowerShell ] **Tools for PowerShell V5** **Example 1: The command gets the details of the object owner of the S3 object.** ``` (Get-S3BucketACL -BucketName 'amzn-s3-demo-bucket' -Select *).Owner ``` **Output:** ``` DisplayName Id ----------- -- testusername 9988776a6554433d22f1100112e334acb45566778899009e9887bd7f66c5f544 ``` + For API details, see [GetBucketAcl](https://docs.aws.amazon.com/powershell/v5/reference) in *AWS Tools for PowerShell Cmdlet Reference (V5)*. ------ #### [ Python ] **SDK for Python (Boto3)** There's more on GitHub. Find the complete example and learn how to set up and run in the [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/python/example_code/s3/s3_basics#code-examples). ``` class BucketWrapper: """Encapsulates S3 bucket actions.""" def __init__(self, bucket): """ :param bucket: A Boto3 Bucket resource. This is a high-level resource in Boto3 that wraps bucket actions in a class-like structure. """ self.bucket = bucket self.name = bucket.name def get_acl(self): """ Get the ACL of the bucket. :return: The ACL of the bucket. """ try: acl = self.bucket.Acl() logger.info( "Got ACL for bucket %s. Owner is %s.", self.bucket.name, acl.owner ) except ClientError: logger.exception("Couldn't get ACL for bucket %s.", self.bucket.name) raise else: return acl ``` + For API details, see [GetBucketAcl](https://docs.aws.amazon.com/goto/boto3/s3-2006-03-01/GetBucketAcl) in *AWS SDK for Python (Boto3) API Reference*. ------ #### [ SAP ABAP ] **SDK for SAP ABAP** There's more on GitHub. Find the complete example and learn how to set up and run in the [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/sap-abap/services/s3#code-examples). ``` TRY. oo_result = lo_s3->getbucketacl( " oo_result is returned for testing purposes. " iv_bucket = iv_bucket_name ). MESSAGE 'Retrieved bucket ACL.' TYPE 'I'. CATCH /aws1/cx_s3_nosuchbucket. MESSAGE 'Bucket does not exist.' TYPE 'E'. ENDTRY. ``` + For API details, see [GetBucketAcl](https://docs.aws.amazon.com/sdk-for-sap-abap/v1/api/latest/index.html) in *AWS SDK for SAP ABAP API reference*. ------ For a complete list of AWS SDK developer guides and code examples, see [Developing with Amazon S3 using the AWS SDKs](sdk-general-information-section.md). This topic also includes information about getting started and details about previous SDK versions.