A bucket policy supports only one Principal per Statement.
Principal must be "AWS": "*" (to refer to all users) or "CanonicalUser": "0313b1ac3a8076e155a7e797b24f0b650cccad5941ea59d7cfd51a024a8b2a06bf" (the hex encoded public key of the desired user).
Resource in a bucket policy is an array. Each item MUST contain the bucket name and CAN contain an object name (wildcards are not supported):
AWS conditions and wildcards are not supported in resources.
Only CanonicalUser (with a hex encoded public key) and the All Users Group are supported in ACL.
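A pre-flight check for the policy limitations listed above, as an added example that is not part of the gateway's code or documentation. It assumes Resource items use the standard arn:aws:s3:::bucket/object form; check_statement, check_policy and the sample policy are constructed for illustration.

```python
import json
import re

HEX = re.compile(r"(?:[0-9a-fA-F]{2})+")
ARN = "arn:aws:s3:::"  # assumption: Resource items use the standard S3 ARN form

def check_statement(stmt, bucket):
    """Return the limitations above that one policy Statement violates."""
    problems = []
    principal = stmt.get("Principal")
    if not isinstance(principal, dict) or len(principal) != 1:
        problems.append("exactly one Principal per Statement")
    else:
        (kind, value), = principal.items()
        if kind == "AWS" and value != "*":
            problems.append('"AWS" principal must be "*"')
        elif kind == "CanonicalUser" and not (
                isinstance(value, str) and HEX.fullmatch(value)):
            problems.append("CanonicalUser must be a hex encoded public key")
        elif kind not in ("AWS", "CanonicalUser"):
            problems.append("unsupported principal type " + kind)
    if "Condition" in stmt:
        problems.append("conditions are not supported")
    resources = stmt.get("Resource")
    if not isinstance(resources, list):
        problems.append("Resource must be an array")
    for res in resources if isinstance(resources, list) else []:
        name = res[len(ARN):] if isinstance(res, str) and res.startswith(ARN) else ""
        if name.split("/", 1)[0] != bucket:
            problems.append(f"{res!r} does not contain bucket {bucket!r}")
        elif "*" in name or "?" in name:  # the two AWS policy wildcards
            problems.append(f"{res!r} uses a wildcard")
    return problems

def check_policy(policy_json, bucket):
    """Map statement index to its problems; clean statements are omitted."""
    statements = json.loads(policy_json).get("Statement", [])
    found = {i: check_statement(s, bucket) for i, s in enumerate(statements)}
    return {i: p for i, p in found.items() if p}

KEY = "0313b1ac3a8076e155a7e797b24f0b650cccad5941ea59d7cfd51a024a8b2a06bf"
SAMPLE = json.dumps({"Statement": [  # constructed policy for bucket "docs"
    {"Effect": "Allow", "Principal": {"CanonicalUser": KEY}, "Action": "s3:GetObject",
     "Resource": ["arn:aws:s3:::docs", "arn:aws:s3:::docs/readme.txt"]},
    {"Effect": "Allow", "Principal": {"AWS": "*", "CanonicalUser": KEY},
     "Action": "s3:GetObject", "Resource": ["arn:aws:s3:::docs/*"],
     "Condition": {"Bool": {"aws:SecureTransport": "true"}}},
]})
print(check_policy(SAMPLE, "docs"))
```

Running the check before PutBucketPolicy shows which statements need to be split or rewritten, so a policy written for AWS is not assumed to carry over unchanged.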
|    | Method       | Comments        |
|----|--------------|-----------------|
| 🟡 | GetObjectAcl | See Limitations |
| 🟡 | PutObjectAcl | See Limitations |
Locking
For now there are some limitations:
The retention period can't be shortened, only extended.
You can't delete locks or objects with an unexpired lock.
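|    | Method                     | Comments                  |
|----|----------------------------|---------------------------|
| 🟡 | GetObjectLegalHold         |                           |
| 🟢 | GetObjectLockConfiguration | GetBucketObjectLockConfig |
| 🟡 | GetObjectRetention         |                           |
| 🟡 | PutObjectLegalHold         |                           |
| 🟢 | PutObjectLockConfiguration | PutBucketObjectLockConfig |
| 🟡 | PutObjectRetention         |                           |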
Multipart
CompleteMultipartUpload operations may take a long time to complete. The gateway
sends whitespace characters to keep the connection with the client alive. In this
case the response headers have already been sent, so the gateway is unable to set
proper HTTP headers like X-Amz-Version-Id.