¶ Description
List all available S3 buckets.
¶ Parameters
¶ Parameters Tab
Parameters:
- Server
- Access key
- Secret key
- Optional: extra parameters for cURL
- Debug information level
¶ Description Tab
Parameters:
- Script name
- Short description
- Revision
- Decription
¶ Configuration Tab
See dedicated page for more information.
¶ About
Lists all S3 buckets that the provided AWS keys can see.
Use the same credentials you set up in S3 Upload File (we already documented a step-by-step there).
¶ What this action does
- Authenticates to AWS S3 using your Access key ID and Secret access key.
- Calls S3 ListAllMyBuckets and (optionally) GetBucketLocation to enrich the output.
- Returns one row per bucket (at minimum: BucketName, CreationDate; region when permitted).
Where it’s handy
- Quick inventory of all buckets in your account
- Verifying access after IAM/policy changes
- Preparing follow-up actions (list objects, upload, download, delete)
¶ Prerequisites
- An AWS account with an IAM user (or role) that has S3 read/list permissions.
- Access key ID + Secret access key for that IAM user (same pair you used in S3 Upload File).
¶ Minimal IAM policy
Attach a policy like this to the IAM user/role you’ll use:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "ListAllBuckets",
"Effect": "Allow",
"Action": ["s3:ListAllMyBuckets"],
"Resource": "*"
},
{
"Sid": "BucketLocation",
"Effect": "Allow",
"Action": ["s3:GetBucketLocation"],
"Resource": "*"
}
]
}
Want to keep it even tighter? Replace
"Resource": "*"in the second statement with the specific bucket ARNs you care about.
¶ Parameters (what you fill)
This action doesn’t require a region or bucket name because it lists all buckets visible to the keys.
¶ Step-by-step (first run)
- Open the action
S3 ListBucket. - In Access key, paste your Access key ID.
- In Secret key, paste your Secret access key.
- (Optional) Set Debug information level = verbose for your first test.
- Run the pipeline.
¶ 6) Output you should see
A result grid with at least:
BucketName— the bucket’s nameCreationDate— ISO timestampRegion— appears if the action was able to callGetBucketLocation
Example (illustrative):
| BucketName | CreationDate | Region |
|---|---|---|
| my-logs | 2025-01-12T08:13:55Z | eu-west-3 |
| app-uploads | 2024-10-03T19:44:27Z | eu-north-1 |
| analytics-raw | 2023-05-21T06:11:09Z | us-east-1 |
¶ Common issues & fixes
| Symptom (in Log/Data) | Likely cause | Fix |
|---|---|---|
AccessDenied / 403 |
IAM policy too narrow | Ensure the policy above (at least s3:ListAllMyBuckets). |
| Returns 0 buckets but you know there are buckets | You’re using keys from another AWS account | Switch to keys for the correct account/role. |
InvalidAccessKeyId or SignatureDoesNotMatch |
Keys pasted incorrectly / extra spaces | Re-paste keys carefully; make sure there are no hidden characters. |
| Corporate proxy in the way | HTTP(S) proxy intercepting | Use idOptional to pass proxy flags if needed (e.g., --proxy http://user:pass@host:port). |
RequestTimeout |
Slow/filtered network | Try again; optionally add --max-time 60 in idOptional. |
¶ Security notes
- Prefer least-privilege: only
s3:ListAllMyBucketsand (optionally)s3:GetBucketLocation. - Rotate and store secrets securely.
- In shared environments, set idDebug back to
nothingonce things work to avoid verbose logs.
¶ 9) How this pairs with other S3 actions
- S3 ListBucket → pick your bucket name
- S3 List Objects (box that lists keys inside a bucket)
- S3 Download / Upload / Delete as needed
¶ Tips
- Turn verbose on only while testing.
- If you have many accounts, keep one IAM user per account and name the action instances accordingly (e.g., “S3 ListBucket — Prod”).
- Want regions always resolved? Keep
s3:GetBucketLocationin the policy.
