AWS S3 New Update
AWS recently updated the security and access control features in S3.
The following features were added in this update:
- Object Ownership
- Bucket Owner Condition
- Copy API via Access Points
Object Ownership: We can now use a new per-bucket setting to enforce uniform object ownership within a bucket. This simplifies many applications and removes the need for the Lambda-powered self-COPY that has been a popular way to achieve this until now. Because this setting changes the behavior seen by the uploading account, the PUT request must include the bucket-owner-full-control ACL. You can also choose to use a bucket policy that requires the inclusion of this ACL.
Bucket Owner Condition: This feature lets you confirm that you are writing to a bucket that you own. You simply pass a numeric AWS Account ID to any of the S3 Bucket or Object APIs using the expectedBucketOwner parameter or the x-amz-expected-bucket-owner HTTP header. The ID indicates the AWS Account that you believe owns the subject bucket. If there is a match, the request proceeds as normal. If not, it fails with a 403 status code.
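The two checks above (a bucket policy that requires the bucket-owner-full-control ACL, and the x-amz-expected-bucket-owner header) are easy to get wrong in the client, so here is an added example, not part of the original post, that models both offline. The policy document has the shape AWS documents for this case; the request evaluator, the account IDs, the bucket name and the sample requests are constructed for illustration and are not S3's own code.

```python
"""Offline model of two S3 request checks (added example, not AWS code):

1. A bucket policy that denies s3:PutObject unless the request carries the
   bucket-owner-full-control canned ACL (IAM condition key s3:x-amz-acl).
2. The x-amz-expected-bucket-owner header: when present and different from
   the bucket's owning account, S3 answers 403.

Account IDs ("111122223333" etc.) and bucket names are constructed samples.
"""
import re

ACCOUNT_ID_RE = re.compile(r"^\d{12}$")  # AWS account IDs are 12 digits
OWNER_FULL_CONTROL = "bucket-owner-full-control"


def require_owner_full_control_policy(bucket: str) -> dict:
    """Bucket policy that rejects uploads not granting the owner full control."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "RequireBucketOwnerFullControl",
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:PutObject",
            "Resource": f"arn:aws:s3:::{bucket}/*",
            "Condition": {
                "StringNotEquals": {"s3:x-amz-acl": OWNER_FULL_CONTROL}
            },
        }],
    }


def expected_owner_headers(account_id: str) -> dict:
    """Client side: build the header, refusing malformed account IDs early."""
    if not ACCOUNT_ID_RE.match(account_id):
        raise ValueError(f"not a 12-digit AWS account ID: {account_id!r}")
    return {"x-amz-expected-bucket-owner": account_id}


def _deny_statement_matches(stmt: dict, headers: dict) -> bool:
    """Toy evaluator for the single StringNotEquals condition used above.

    IAM semantics: a negated string operator on a *missing* key evaluates
    to true, so a PUT without any x-amz-acl header is denied as intended.
    """
    if stmt.get("Effect") != "Deny" or stmt.get("Action") != "s3:PutObject":
        return False
    for key, wanted in stmt["Condition"].get("StringNotEquals", {}).items():
        header = key.split(":", 1)[1]          # "s3:x-amz-acl" -> "x-amz-acl"
        if headers.get(header) != wanted:
            return True
    return False


def evaluate_put(headers: dict, bucket_owner: str, policy: dict) -> tuple:
    """Server side (modelled): return (status, reason) for a PutObject."""
    expected = headers.get("x-amz-expected-bucket-owner")
    if expected is not None and expected != bucket_owner:
        return 403, "AccessDenied: expected bucket owner mismatch"
    for stmt in policy["Statement"]:
        if _deny_statement_matches(stmt, headers):
            return 403, "AccessDenied: bucket policy requires " + OWNER_FULL_CONTROL
    return 200, "OK"


if __name__ == "__main__":
    policy = require_owner_full_control_policy("shared-bucket")
    good = {"x-amz-acl": OWNER_FULL_CONTROL, **expected_owner_headers("111122223333")}
    print(evaluate_put(good, "111122223333", policy))      # (200, 'OK')
    print(evaluate_put({}, "111122223333", policy))        # 403, policy
    print(evaluate_put(good, "999988887777", policy))      # 403, owner mismatch
```

Note that both failures surface as 403, so a client that only looks at the status code cannot tell a wrong-owner bucket from a missing ACL; logging the reason (or the S3 error code) on the client side is what makes the distinction visible.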
Copy API via Access Points: S3 Access Points give you fine-grained control over access to your shared data sets. Instead of managing a single and possibly complex policy on a bucket, you can create an access point for each application, and then use an IAM policy to regulate the S3 operations that are made via the access point. You can now use S3 Access Points in conjunction with the S3 CopyObject API by using the ARN of the access point instead of the bucket name.
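The copy source changes shape when an access point is used, so the following added example (not code from the original post) builds and validates it. It assumes the access point ARN form `arn:aws:s3:<region>:<account>:accesspoint/<name>` and the documented copy-source form `<access-point-arn>/object/<key>`; the region, account ID, access point name and keys are constructed sample values.

```python
"""Build and validate CopyObject sources for buckets and access points.
Added example; region/account/access point names are constructed samples."""
import re

# arn:aws:s3:<region>:<12-digit account>:accesspoint/<name>
# Access point names: 3-50 chars, lowercase letters, digits, hyphens,
# not starting or ending with a hyphen.
ACCESS_POINT_ARN_RE = re.compile(
    r"^arn:(?P<partition>aws[a-z-]*):s3:(?P<region>[a-z0-9-]+):"
    r"(?P<account>\d{12}):accesspoint/(?P<name>[a-z0-9][a-z0-9-]{1,48}[a-z0-9])$"
)


def parse_access_point_arn(arn: str) -> dict:
    """Return the ARN's components, or raise ValueError if it is not an access point ARN."""
    m = ACCESS_POINT_ARN_RE.match(arn)
    if not m:
        raise ValueError(f"not an S3 access point ARN: {arn!r}")
    return m.groupdict()


def copy_source(key: str, *, bucket: str = None, access_point_arn: str = None) -> str:
    """Copy-source string for a key reached either directly or via an access point.

    Exactly one of bucket / access_point_arn must be given. Through an access
    point the source is "<arn>/object/<key>" instead of "<bucket>/<key>".
    """
    if (bucket is None) == (access_point_arn is None):
        raise ValueError("give exactly one of bucket or access_point_arn")
    if not key or key.startswith("/"):
        raise ValueError(f"invalid object key: {key!r}")
    if bucket is not None:
        return f"{bucket}/{key}"
    parse_access_point_arn(access_point_arn)   # fail fast on a malformed ARN
    return f"{access_point_arn}/object/{key}"


if __name__ == "__main__":
    arn = "arn:aws:s3:us-east-1:111122223333:accesspoint/finance-app"
    print(copy_source("reports/2020.csv", bucket="shared-data"))
    print(copy_source("reports/2020.csv", access_point_arn=arn))
    # With boto3 the returned string would be passed as CopySource, and the
    # destination Bucket parameter may likewise be an access point ARN
    # (usage assumed from the feature description above, not exercised here).
```

Building the source through a function that rejects a bucket-style name where an ARN is expected (and vice versa) keeps an application from silently falling back to direct bucket access, which would bypass the per-application access point policy.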
Ref: https://aws.amazon.com/blogs/aws/amazon-s3-update-three-new-security-access-control-features/