No, access to a bucket (as indicated by a policy resource like `arn:aws:s3:::mybucket`) does not provide any API access to the objects within that bucket. To access the objects, you would need to allow API actions against an object resource like `arn:aws:s3:::mybucket/*`.
The IAM dialog you've shown is a convenience that helps you to create a JSON policy. At any time, you can click the JSON tab to see the equivalent JSON policy.
The dialog has 4 resource types: accesspoint, bucket, job, object. They are independent of one another. Selecting a specific S3 bucket under the 'bucket' section does not have any impact on the 'object' section.
So, if you indicate `mybucket` under bucket and `Any` under object, your policy will contain something like this:

```json
{
    "Sid": "VisualEditor1",
    "Effect": "Allow",
    "Action": "s3:*",
    "Resource": [
        "arn:aws:s3:::*/*",
        "arn:aws:s3:::mybucket"
    ]
}
```
Note specifically that this allows all S3 actions (`s3:*`) against both the bucket (`arn:aws:s3:::mybucket`) and all the objects in all the buckets (`arn:aws:s3:::*/*`).
If you want to allow actions against the `mybucket` bucket and against all of the objects in `mybucket`, then indicate `mybucket` under bucket, deselect 'Any' under object, and indicate `arn:aws:s3:::mybucket/*` under object. Your JSON policy will now look like this:

```json
{
    "Sid": "VisualEditor1",
    "Effect": "Allow",
    "Action": "s3:*",
    "Resource": [
        "arn:aws:s3:::mybucket/*",
        "arn:aws:s3:::mybucket"
    ]
}
```
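To see the difference between the two policies concretely, here is an added example (not code from the answer above) that evaluates both policy documents against a few sample S3 requests with a small, deliberately simplified IAM matcher written for this purpose. The `Version`/`Statement` wrapper around the statements and the sample object keys are assumptions; the matcher models wildcard matching of `Action` and `Resource`, explicit Deny beating Allow, and implicit deny, but not conditions, `NotAction`/`NotResource`, SCPs, permission boundaries or bucket policies.

```python
"""Offline check of which S3 resources the two policies above actually reach.

Added example, not code from the answer. It models only the core of IAM
evaluation for a single identity-based policy: wildcard matching of Action
and Resource, explicit Deny beating Allow, and implicit deny otherwise.
Conditions, NotAction/NotResource, SCPs, permission boundaries and bucket
policies are not modelled, so treat this as a sanity check, not an
authorization decision.
"""
import re

# The two statements from the answer, wrapped in a full policy document
# (the Version/Statement wrapper is assumed here).
BROAD_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "VisualEditor1",
        "Effect": "Allow",
        "Action": "s3:*",
        "Resource": ["arn:aws:s3:::*/*", "arn:aws:s3:::mybucket"],
    }],
}

SCOPED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "VisualEditor1",
        "Effect": "Allow",
        "Action": "s3:*",
        "Resource": ["arn:aws:s3:::mybucket/*", "arn:aws:s3:::mybucket"],
    }],
}


def _as_list(value):
    """IAM accepts either a string or a list for Action, Resource and Statement."""
    return value if isinstance(value, list) else [value]


def _wildcard_regex(pattern, ignore_case=False):
    """Turn an IAM pattern (* = any run, ? = one char) into an anchored regex."""
    escaped = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.compile(escaped, re.IGNORECASE if ignore_case else 0)


def statement_matches(stmt, action, resource_arn):
    """True if the statement's Action and Resource both cover the request.
    Action names are case-insensitive in IAM; ARNs are matched case-sensitively."""
    action_hit = any(_wildcard_regex(a, ignore_case=True).fullmatch(action)
                     for a in _as_list(stmt.get("Action", [])))
    resource_hit = any(_wildcard_regex(r).fullmatch(resource_arn)
                       for r in _as_list(stmt.get("Resource", [])))
    return action_hit and resource_hit


def is_allowed(policy, action, resource_arn):
    """Simplified identity-policy evaluation: explicit Deny wins, then any
    matching Allow grants, otherwise implicit deny."""
    allowed = False
    for stmt in _as_list(policy["Statement"]):
        if not statement_matches(stmt, action, resource_arn):
            continue
        if stmt["Effect"] == "Deny":
            return False
        allowed = True
    return allowed


# Constructed sample requests: bucket-level ListBucket is evaluated against the
# bucket ARN, object-level GetObject against the object ARN.
REQUESTS = [
    ("s3:ListBucket", "arn:aws:s3:::mybucket"),
    ("s3:GetObject", "arn:aws:s3:::mybucket/reports/q1.csv"),
    ("s3:ListBucket", "arn:aws:s3:::otherbucket"),
    ("s3:GetObject", "arn:aws:s3:::otherbucket/secret.txt"),
]


def reach(policy):
    """Map each sample request to the policy's allow/deny decision."""
    return {f"{action} {arn}": is_allowed(policy, action, arn)
            for action, arn in REQUESTS}


if __name__ == "__main__":
    for name, policy in (("broad", BROAD_POLICY), ("scoped", SCOPED_POLICY)):
        print(name)
        for request, decision in reach(policy).items():
            print(f"  {'ALLOW' if decision else 'deny '} {request}")
```

Running it shows the point of the answer: the broad policy allows `s3:GetObject` on `arn:aws:s3:::otherbucket/secret.txt` (any object in any bucket) while still denying `s3:ListBucket` on `otherbucket`, because `arn:aws:s3:::*/*` only matches ARNs that contain a slash; the scoped policy allows both bucket-level and object-level actions on `mybucket` and nothing on `otherbucket`. For a check against a real account that also accounts for conditions and the other policy types, use the IAM policy simulator, e.g. `aws iam simulate-custom-policy --policy-input-list file://policy.json --action-names s3:GetObject --resource-arns arn:aws:s3:::otherbucket/secret.txt`.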