I would like to check if a given user / role can perform a certain operation (GetObject, PutObject etc) on an S3 bucket. I can do this manually though the AWS console by examining the user's policies, but I was curious if there was a way to do this via the CLI or the Java SDK
You can simulate how a set of IAM policies attached to an IAM entity works with a list of API operations and AWS resources to determine the policies' effective permissions.
Two APIs are available:
Also see the re:Invent 2016 slide deck on How to Automate Policy Validation.