diff --git a/lib/api/bucketPut.js b/lib/api/bucketPut.js
index 25fab4a387..7541d6431f 100644
--- a/lib/api/bucketPut.js
+++ b/lib/api/bucketPut.js
@@ -167,6 +167,21 @@ function bucketPut(authInfo, request, log, callback) {
 'for internal purposes'));
 }
+ let authParams;
+ let ip;
+ let requestConstantParams;
+ if (authInfo.isRequesterAnIAMUser()) {
+ authParams = auth.server.extractParams(request, log, 's3', request.query);
+ ip = requestUtils.getClientIp(request, config);
+ requestConstantParams = {
+ authParams,
+ ip,
+ bucketName,
+ request,
+ authInfo,
+ };
+ }
+
 return waterfall([
 next => _parseXML(request, log, next),
 (locationConstraint, next) => {
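Review bot: `requestConstantParams` stays `undefined` unless `authInfo.isRequesterAnIAMUser()` is true, so every later waterfall step has to repeat that guard before writing to it, and nothing at the declaration says so. A step added without the guard would throw on the property assignment instead of running its policy check. `authParams` and `ip` are only used to fill the object, so they can be `const` inside the `if` rather than function-scoped `let`s, and the predicate can be evaluated once, e.g. `const isIAMUser = authInfo.isRequesterAnIAMUser();`. I would also add a comment on the declaration such as `// Policy-check context; built only for IAM users, other requesters skip the Vault checks below.` The body of `bucketPut` starts and ends outside this hunk.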
@@ -175,31 +190,47 @@ function bucketPut(authInfo, request, log, callback) {
 return next(null, locationConstraint);
 }
- const authParams = auth.server.extractParams(request, log, 's3', request.query);
- const ip = requestUtils.getClientIp(request, config);
- const requestConstantParams = [{
- authParams,
- ip,
- bucketName,
- request,
- authInfo,
- locationConstraint: locationConstraint,
- apiMethod: 'bucketPut',
- }];
+ requestConstantParams.locationConstraint = locationConstraint;
+ requestConstantParams.apiMethod = 'bucketPut';
+
+ return vault.checkPolicies(
+ _buildConstantParams(requestConstantParams),
+ authInfo.getArn(),
+ log,
+ _handleAuthResults(locationConstraint, log, next),
+ );
+ },
+ (locationConstraint, next) => {
+ if (!authInfo.isRequesterAnIAMUser()) {
+ return next(null, locationConstraint);
+ }
 if (!_isObjectLockEnabled(request.headers)) {
- requestConstantParams.push({
- ...requestConstantParams[0],
- apiMethod: 'bucketPutObjectLock',
- });
- requestConstantParams.push({
- ...requestConstantParams[0],
- apiMethod: 'bucketPutVersioning',
- });
+ return next(null, locationConstraint);
 }
+ requestConstantParams.apiMethod = 'bucketPutObjectLock';
+
+ return vault.checkPolicies(
+ _buildConstantParams(requestConstantParams),
+ authInfo.getArn(),
+ log,
+ _handleAuthResults(locationConstraint, log, next),
+ );
+ },
+ (locationConstraint, next) => {
+ if (!authInfo.isRequesterAnIAMUser()) {
+ return next(null, locationConstraint);
+ }
+
+ if (!_isObjectLockEnabled(request.headers)) {
+ return next(null, locationConstraint);
+ }
+
+ requestConstantParams.apiMethod = 'bucketPutVersioning';
+
 return vault.checkPolicies(
- requestConstantParams.map(_buildConstantParams),
+ _buildConstantParams(requestConstantParams),
 authInfo.getArn(),
 log,
 _handleAuthResults(locationConstraint, log, next),
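Review bot: Each of the three policy steps overwrites `requestConstantParams.apiMethod` on the one shared object before calling `vault.checkPolicies`, so the action being authorized depends on mutation order across steps. `_buildConstantParams` is not visible here; if it does not copy its argument, or a later step forgets to reset `apiMethod`, a check could be evaluated for the wrong action. Passing a per-call copy keeps each authorization request self-contained, e.g. `_buildConstantParams({ ...requestConstantParams, apiMethod: 'bucketPutObjectLock' })`. The ObjectLock and Versioning steps also repeat the same two guards verbatim and could share one small helper that takes the `apiMethod`. The final `vault.checkPolicies(` call closes outside the hunk.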