Next: Performing Batch Operations, Previous: Objects, Up: Simple Storage Service---S3 (1) [Index]
https://docs.aws.amazon.com/AmazonS3/latest/dev/security.html
https://docs.aws.amazon.com/AmazonS3/latest/dev/DataDurability.html
https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-access-control.html
https://docs.aws.amazon.com/AmazonS3/latest/dev/using-iam-policies.html
Bucket policy and user policy are two of the access policy options available for you to grant permission to your Amazon S3 resources. Both use JSON-based access policy language. The topics in this section describe the key policy language elements, with emphasis on Amazon S3–specific details, and provide example bucket and user policies.
https://docs.aws.amazon.com/AmazonS3/latest/dev/access-policy-language-overview.html
The topics in this section describe the basic elements used in bucket and user policies as used in Amazon S3.
In its most basic sense, a policy contains the following elements:
https://docs.aws.amazon.com/AmazonS3/latest/dev/access-policy-language-overview.html
The following introductory topics explain the basic concepts and options that are available for you to manage access to your Amazon S3 resources, and provide guidelines for when to use which access policy options.
https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html
Amazon S3 access control lists (ACLs) enable you to manage access to buckets and objects. Each bucket and object has an ACL attached to it as a subresource. It defines which AWS accounts or groups are granted access and the type of access. When a request is received against a resource, Amazon S3 checks the corresponding ACL to verify that the requester has the necessary access permissions.
When you create a bucket or an object, Amazon S3 creates a default ACL that grants the resource owner full control over the resource. This is shown in the following sample bucket ACL (the default object ACL has the same structure):
<?xml version="1.0" encoding="UTF-8"?>
<AccessControlPolicy xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
  <Owner>
    <ID>*** Owner-Canonical-User-ID ***</ID>
    <DisplayName>owner-display-name</DisplayName>
  </Owner>
  <AccessControlList>
    <Grant>
      <Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="CanonicalUser">
        <ID>*** Owner-Canonical-User-ID ***</ID>
        <DisplayName>display-name</DisplayName>
      </Grantee>
      <Permission>FULL_CONTROL</Permission>
    </Grant>
  </AccessControlList>
</AccessControlPolicy>
The sample ACL includes an Owner element that identifies the owner by the AWS account’s canonical user ID.
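As an added example (not part of the AWS documentation), the following audit sketch parses an ACL document of the form shown above and reports every grant that goes beyond the default of owner-only FULL_CONTROL. The function names and both sample ACLs are constructed for illustration; the second sample assumes a grant to S3's predefined AllUsers group, which this page does not cover.

```python
import xml.etree.ElementTree as ET

NS = {"s3": "http://s3.amazonaws.com/doc/2006-03-01/"}
XSI_TYPE = "{http://www.w3.org/2001/XMLSchema-instance}type"

def parse_acl(xml_text):
    """Return (owner_id, [(grantee_type, grantee_identity, permission), ...])."""
    root = ET.fromstring(xml_text)
    owner_id = root.findtext("s3:Owner/s3:ID", namespaces=NS)
    grants = []
    for grant in root.findall("s3:AccessControlList/s3:Grant", NS):
        grantee = grant.find("s3:Grantee", NS)
        # A grantee is identified by a canonical user ID, a group URI or an e-mail address.
        identity = (grantee.findtext("s3:ID", namespaces=NS)
                    or grantee.findtext("s3:URI", namespaces=NS)
                    or grantee.findtext("s3:EmailAddress", namespaces=NS))
        permission = grant.findtext("s3:Permission", namespaces=NS)
        grants.append((grantee.get(XSI_TYPE), identity, permission))
    return owner_id, grants

def non_default_grants(xml_text):
    """Grants other than the default ACL's single owner FULL_CONTROL grant."""
    owner_id, grants = parse_acl(xml_text)
    default = ("CanonicalUser", owner_id, "FULL_CONTROL")
    return [g for g in grants if g != default]

# Constructed sample data: placeholder owner ID, not a real canonical user ID.
_TEMPLATE = """<AccessControlPolicy xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
  <Owner><ID>OWNER-ID-EXAMPLE</ID></Owner>
  <AccessControlList>
    <Grant>
      <Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="CanonicalUser">
        <ID>OWNER-ID-EXAMPLE</ID>
      </Grantee>
      <Permission>FULL_CONTROL</Permission>
    </Grant>{extra}
  </AccessControlList>
</AccessControlPolicy>"""
_GROUP_GRANT = """
    <Grant>
      <Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="Group">
        <URI>http://acs.amazonaws.com/groups/global/AllUsers</URI>
      </Grantee>
      <Permission>READ</Permission>
    </Grant>"""
DEFAULT_ACL = _TEMPLATE.format(extra="")
SHARED_ACL = _TEMPLATE.format(extra=_GROUP_GRANT)

if __name__ == "__main__":
    for name, acl in (("default", DEFAULT_ACL), ("shared", SHARED_ACL)):
        print(name, non_default_grants(acl))
```

An empty result means the ACL still matches the default described above; any listed grant is access that someone added after creation and is worth reviewing.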
https://docs.aws.amazon.com/AmazonS3/latest/dev/managing-acls.html
https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-incident-response.html
https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-compliance.html
https://docs.aws.amazon.com/AmazonS3/latest/dev/disaster-recovery-resiliency.html
https://docs.aws.amazon.com/AmazonS3/latest/dev/network-isolation.html
https://docs.aws.amazon.com/AmazonS3/latest/dev/vulnerability-analysis-and-management.html
https://docs.aws.amazon.com/AmazonS3/latest/dev/security-best-practices.html