CAL - AWS S3 Get ACL subflow

  • Release version: Australia
  • Updated March 12, 2026
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of CAL - AWS S3 Get ACL subflow

    The CAL - AWS S3 Get ACL subflow is designed to retrieve the Access Control List (ACL) details for a specified Amazon Web Services (AWS) S3 bucket. This functionality is crucial for managing access permissions and understanding who can interact with your S3 resources.

    Show full answer Show less

    Key Features

    • Subscription Requirements: An Integration Hub Enterprise or App Engine subscription is required to use this subflow in custom flows.
    • Role Requirements: Users must have roles granted by delegated development or assigned directly to them to access the subflow.
    • Cloud Permission: The caller must possess the s3:GetBucketAcl cloud permission to execute the subflow.
    • Input Parameters:
      • Bucket Name: Specify the name of the AWS S3 bucket (String).
      • Use MID: Indicate whether to use a MID Server for outbound calls (True/False).
      • MID Server: Select the appropriate MID Server record.
      • Credential Alias: Provide the credential alias for AWS authentication.
    • Output Parameters: The subflow returns several outputs that can be used in subsequent actions, including authorization status, bucket region, error codes, and detailed permission settings.

    Key Outcomes

    By utilizing this subflow, ServiceNow customers can effectively manage and verify the access permissions of their S3 buckets. The detailed outputs help in understanding access levels and troubleshooting permission-related issues, ensuring better security and compliance management for AWS resources.

    Subflow that retrieves the Access Control List (ACL) details for the specified Amazon Web Services (AWS) S3 bucket.

    Roles and availability

    Subscription requirements
    To use this subflow in custom flows, you must obtain an Integration Hub Enterprise subscription or an App Engine subscription. For more information, see Request Integration Hub.
    Role requirements
    This subflow requires roles granted by delegated development or assigned to the user. For more information, see User access to Flow Designer.

    Cloud permission

    To execute this subflow, the caller must have the s3:GetBucketAcl cloud permission.

    Inputs

    Provide a value for each input that your action needs. To add dynamic values, you can also select data pills using the pill picker.

    Bucket Name
    Data type: String

    Name of the AWS S3 bucket.

    Use MID
    Data type: True/False

    Selection to indicate whether to use a MID Server to make the outbound calls.

    MID Server
    Data type: Record

    MID Server for making the outbound calls.

    Credential Alias
    Data type: Record

    Credential alias for the AWS credential.

    Outputs

    You can use these outputs as inputs for other actions.

    Is Access Denied
    Data type: True/False
    Server authorization status of the call.
    • True: The server has authorized the call
    • False: The server didn't authorize the call
    Bucket Region
    Data type: String

    Datacenter where the specified AWS S3 bucket is hosted.

    Error Code
    Data type: String

    Client error code returned for the failed call.

    Owner write
    Data type: True/False

    The bucket owner can write into the bucket.

    Owner full control
    Data type: True/False

    The owner has all the permissions for the bucket.

    Owner listing
    Data type: True/False

    The bucket owner can list the contents of the bucket.

    Public write
    Data type: True/False

    Anyone (public access) can write into the bucket.

    Public listing
    Data type: True/False

    Anyone (public access) can list the contents of the bucket.

    Public full control
    Data type: True/False

    Everyone (public access) has all the permissions.

    Auth Users Write
    Data type: True/False

    Authenticated user groups (users with an AWS account) can write into the bucket.

    Auth Users Full Control
    Data type: True/False

    Authenticated user groups (users with an AWS account) have all the permissions for the bucket.

    Owner Read ACL
    Data type: True/False

    Owner of the bucket can read the bucket ACL.

    Owner Write ACL
    Data type: True/False

    Owner of the bucket can write or update the bucket ACL.

    Public Read ACL
    Data type: True/False

    Anyone (public access) can read the bucket ACL.

    Public Write ACL
    Data type: True/False

    Anyone (public access) can write or update the bucket ACL.

    Auth Users Read ACL
    Data type: True/False

    Authenticated user groups (users with an AWS account) can read the bucket ACL.

    Auth Users Write ACL
    Data type: True/False

    Authenticated user groups (users with an AWS account) can write or update the bucket ACL.

    Auth Users Listing
    Data type: True/False

    Authenticated user group (users with an AWS account) can list the contents of the bucket.

    Owner ID
    Data type: String

    Canonical user ID of the AWS account.

    Owner Display Name
    Data type: String

    Display name of the resource owner.

    For federated login, the subflow doesn't return any Owner Display Name.