In Amazon S3, the permission required to download an object is specifically the s3:GetObject action. While downloading might seem like a simple "read" task, AWS distinguishes between the ability to see that a file exists and the ability to actually retrieve its contents. Core Permission: s3:GetObject
To download a file from an S3 bucket, a user or application must have the permission. This permission applies directly to the objects themselves, not just the bucket container. download object permission s3
These are attached to the bucket itself and can grant access to users from other AWS accounts or even the public. Sample IAM Policies for AWS S3 - IBM In Amazon S3, the permission required to download