This example retrieves the access control list (ACL) for an Amazon S3 bucket.

go run GetBucketAclv2.go -b BUCKET

  • BUCKET is the name of the bucket for which the ACL is retrieved.

The unit test accepts a similar value in config.json.

Source code

// Copyright, Inc. or its affiliates. All Rights Reserved.
// SPDX - License - Identifier: Apache - 2.0
package main

import (


// S3GetBucketAclAPI defines the interface for the GetBucketAcl function.
// We use this interface to test the function using a mocked service.
type S3GetBucketAclAPI interface {
	GetBucketAcl(ctx context.Context,
		params *s3.GetBucketAclInput,
		optFns ...func(*s3.Options)) (*s3.GetBucketAclOutput, error)

// FindBucketAcl retrieves the access control list (ACL) for an Amazon Simple Storage Service (Amazon S3) bucket.
// Inputs:
//     c is the context of the method call, which includes the AWS Region
//     api is the interface that defines the method call
//     input defines the input arguments to the service call.
// Output:
//     If success, a GetBucketAclOutput object containing the result of the service call and nil
//     Otherwise, nil and an error from the call to GetBucketAcl
func FindBucketAcl(c context.Context, api S3GetBucketAclAPI, input *s3.GetBucketAclInput) (*s3.GetBucketAclOutput, error) {
	return api.GetBucketAcl(c, input)

func main() {
	bucket := flag.String("b", "", "The bucket for which the ACL is returned")

	if *bucket == "" {
		fmt.Println("You must supply a bucket name (-b BUCKET)")

	cfg, err := config.LoadDefaultConfig(context.TODO())
	if err != nil {
		panic("configuration error, " + err.Error())

	client := s3.NewFromConfig(cfg)

	input := &s3.GetBucketAclInput{
		Bucket: bucket,

	result, err := FindBucketAcl(context.TODO(), client, input)
	if err != nil {
		fmt.Println("Got an error retrieving ACL for " + *bucket)

	fmt.Println("Owner:", *result.Owner.DisplayName)

	for _, g := range result.Grants {
		// If we add a canned ACL, the name is nil
		if g.Grantee.DisplayName == nil {
			fmt.Println("  Grantee:    EVERYONE")
		} else {
			fmt.Println("  Grantee:   ", *g.Grantee.DisplayName)

		fmt.Println("  Type:      ", string(g.Grantee.Type))
		fmt.Println("  Permission:", string(g.Permission))

See the complete example in GitHub.