AWS S3 Security — IAM Policies, Bucket Policies, & ACLs

Venkatesh K
Dec 27, 2021

All buckets and objects are private by default. Only the resource owner, the AWS account that created the resource, can access it.

Access to S3 buckets and objects can be controlled via:

  1. IAM Policies
  2. Bucket Policies
  3. Access Control Lists

IAM Policies, Bucket Policies, & ACLs


IAM Policies vs. Bucket Policies

IAM policies are attached to IAM entities (users, groups, and roles) and define what those entities are allowed or denied to do.

Bucket policies are attached to S3 buckets and define who (which principals) is allowed or denied access to that bucket and its objects.

IAM Policies vs. Bucket Policies

AWS S3 Block Public Access

Block Public Access applies only to public (anonymous) access.
Block Public Access settings override public access granted by ACLs and bucket policies.
You can apply Block Public Access settings to individual buckets or to all buckets in your account.
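The two sections above (IAM policies vs. bucket policies, and Block Public Access) can be seen together in a small model of how S3 decides whether a request is allowed. The code below is an added example written for this post, not AWS code and not the real IAM evaluator: it mirrors the documented rules (an IAM policy has no Principal and says what an identity may do, a bucket policy names a Principal and says who may touch the bucket, an explicit Deny always wins, and Block Public Access overrides public grants) for same-account identities and anonymous callers only. The account id, bucket name, role and user names, and both policy documents are constructed; conditions, cross-account access, ACLs, and wildcards other than `*` are not modelled.

```python
"""Simplified model of S3 access decisions (teaching model, not AWS's evaluator)."""
import copy
import fnmatch

ACCOUNT = "111122223333"            # constructed account id
BUCKET = "example-reports-bucket"   # constructed bucket name
ANONYMOUS = "anonymous"             # marker for an unauthenticated request

# Identity-based (IAM) policy: no Principal, it defines WHAT the attached
# user/group/role may do. (Constructed example document.)
IAM_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow",
         "Action": ["s3:GetObject", "s3:ListBucket"],
         "Resource": [f"arn:aws:s3:::{BUCKET}", f"arn:aws:s3:::{BUCKET}/*"]},
        {"Effect": "Deny",
         "Action": "s3:DeleteObject",
         "Resource": f"arn:aws:s3:::{BUCKET}/*"},
    ],
}

# Resource-based (bucket) policy: has a Principal, it defines WHO may touch the
# bucket. The second statement is the classic accidental public read.
# (Constructed example document.)
BUCKET_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow",
         "Principal": {"AWS": f"arn:aws:iam::{ACCOUNT}:role/ReportReader"},
         "Action": "s3:GetObject",
         "Resource": f"arn:aws:s3:::{BUCKET}/*"},
        {"Effect": "Allow",
         "Principal": "*",
         "Action": "s3:GetObject",
         "Resource": f"arn:aws:s3:::{BUCKET}/*"},
    ],
}


def _as_list(v):
    return v if isinstance(v, list) else [v]


def _matches(stmt, action, resource):
    """Statement covers this action and resource ('*' wildcards only)."""
    return (any(fnmatch.fnmatchcase(action, a) for a in _as_list(stmt["Action"]))
            and any(fnmatch.fnmatchcase(resource, r) for r in _as_list(stmt["Resource"])))


def _principal_matches(stmt, principal):
    """Bucket-policy Principal covers this caller; '*' covers everyone."""
    p = stmt.get("Principal")
    if p == "*" or p == {"AWS": "*"}:
        return True
    if isinstance(p, dict):
        return principal in _as_list(p.get("AWS", []))
    return False


def is_public(bucket_policy):
    """True if any Allow statement grants to everyone (Principal '*')."""
    return any(s["Effect"] == "Allow" and _principal_matches(s, ANONYMOUS)
               for s in bucket_policy["Statement"])


def remove_public_grants(bucket_policy):
    """Return a copy of the policy with every Allow-to-everyone statement removed."""
    hardened = copy.deepcopy(bucket_policy)
    hardened["Statement"] = [s for s in hardened["Statement"]
                             if not (s["Effect"] == "Allow" and _principal_matches(s, ANONYMOUS))]
    return hardened


def evaluate(principal, action, resource, iam_policy, bucket_policy, bpa):
    """True if the request is allowed under the simplified model.

    principal: caller's ARN (same account as the bucket) or ANONYMOUS.
    bpa: Block Public Access settings; only RestrictPublicBuckets is modelled.
    """
    effects = []
    # Identity policies apply only to authenticated identities, never to anonymous callers.
    if principal != ANONYMOUS:
        effects += [s["Effect"] for s in iam_policy["Statement"] if _matches(s, action, resource)]
    # The bucket policy applies when the caller matches a statement's Principal.
    effects += [s["Effect"] for s in bucket_policy["Statement"]
                if _principal_matches(s, principal) and _matches(s, action, resource)]
    if "Deny" in effects:            # explicit Deny always wins
        return False
    # Block Public Access: with RestrictPublicBuckets on, a public bucket policy is
    # honoured only for the bucket owner's account, so anonymous access is refused.
    if bpa.get("RestrictPublicBuckets") and is_public(bucket_policy) and principal == ANONYMOUS:
        return False
    return "Allow" in effects


if __name__ == "__main__":
    obj = f"arn:aws:s3:::{BUCKET}/report.csv"
    alice = f"arn:aws:iam::{ACCOUNT}:user/alice"
    bpa_off, bpa_on = {}, {"RestrictPublicBuckets": True}
    print("alice GetObject:", evaluate(alice, "s3:GetObject", obj, IAM_POLICY, BUCKET_POLICY, bpa_off))
    print("alice DeleteObject:", evaluate(alice, "s3:DeleteObject", obj, IAM_POLICY, BUCKET_POLICY, bpa_off))
    print("anonymous, BPA off:", evaluate(ANONYMOUS, "s3:GetObject", obj, IAM_POLICY, BUCKET_POLICY, bpa_off))
    print("anonymous, BPA on:", evaluate(ANONYMOUS, "s3:GetObject", obj, IAM_POLICY, BUCKET_POLICY, bpa_on))
    print("policy public?", is_public(BUCKET_POLICY), "after hardening:", is_public(remove_public_grants(BUCKET_POLICY)))
```

Running it shows the three points of the post in one place: alice can read (her IAM policy says what she may do), alice cannot delete even though the Deny lives in a different document from the Allow, the anonymous caller can read only because a bucket policy statement names Principal `*`, and the same anonymous request is refused once RestrictPublicBuckets is on. `is_public` is the check worth running over every bucket policy in an account, and `remove_public_grants` shows the minimal policy fix.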

When to use what?

AWS References:
https://aws.amazon.com/s3/security/
https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html
https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-iam-policies.html
https://docs.aws.amazon.com/AmazonS3/latest/userguide/acls.html
https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html

For more such simple notes on AWS, follow me on:
LinkedIn: https://www.linkedin.com/in/venkatesh111/
Twitter: https://twitter.com/venkatesh111
GitHub: https://venkateshk111.github.io/
