Oladipupo Abeeb Olanrewaju
AWS S3: Object ACLs and Bucket Policies

In Amazon Web Services (AWS) Simple Storage Service (S3), managing access to your data involves two main components: object ACLs (Access Control Lists) and bucket policies.

Object ACLs (Access Control Lists)

Object ACLs are used to manage permissions at the individual object level within an S3 bucket. Each object can have its own set of permissions.

Types of permissions:

  • READ: Allows the grantee to read the object data and its metadata.
  • WRITE: Allows the grantee to create, overwrite, and delete the object.
  • READ_ACP: Allows the grantee to read the object ACL.
  • WRITE_ACP: Allows the grantee to write the object ACL.
  • FULL_CONTROL: Grants READ, WRITE, READ_ACP, and WRITE_ACP permissions.

Grantees: ACLs can grant permissions to:

  • Canonical user: a specific AWS account.
  • AWS account ID: any AWS account.
  • Groups: predefined Amazon S3 groups (e.g., AllUsers, AuthenticatedUsers, LogDelivery). A grant to AllUsers is reachable by anyone on the internet, and AuthenticatedUsers means any AWS account, not only accounts you trust.

Default ACLs: When an object is created, the default ACL grants the owner (the AWS account that uploaded the object) full control.

How to allow access at the bucket level and at the individual object level

1. Bucket level: By default, when you create an S3 bucket, Block Public Access is turned on, so nothing in that bucket can be reached publicly.

To allow access, click the bucket name, open the Permissions tab, and scroll down to the section named "Block public access".


Click Edit at the top right and clear the "Block all public access" checkbox, i.e. allow unrestricted public access to that bucket. Save changes and confirm the settings. Note that this only removes the guardrail: nothing is exposed until an ACL or bucket policy actually grants public access, but once it does, every public grant in the bucket takes effect.


2. Individual object level (ACLs): To make a single object public, first enable ACLs on the bucket: under Permissions, go to Object Ownership, click Edit, and select "ACLs enabled", which allows ACLs to grant access to other AWS accounts.


Save changes.

Select the object you want to make public, click Actions, and scroll down to "Make public using ACL".

Click it.

Click Make public. The object's ACL now carries a READ grant to the AllUsers group, so anyone on the internet can fetch that object by its URL.
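The walkthrough above disables Block Public Access and then attaches a public-read ACL. As an added example that is not part of the original post, the Python below audits that combination from the defender's side: it reads the grant structure that boto3's get_object_acl() returns, flags grants to the AllUsers and AuthenticatedUsers groups, and checks whether the bucket's Block Public Access settings (as returned by get_public_access_block()) still neutralise them. The ACL and Block Public Access dicts are constructed samples, so no AWS call is made.

```python
# Added audit helper: the input dicts mirror the shape boto3 returns from
# get_object_acl() and get_public_access_block(); sample values are constructed.
ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
AUTH_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"
PUBLIC_GROUPS = {ALL_USERS: "AllUsers", AUTH_USERS: "AuthenticatedUsers"}

# WRITE and WRITE_ACP let a grantee alter content or the ACL itself, so
# rank them above plain READ when reporting.
SEVERITY = {"READ": "medium", "READ_ACP": "medium",
            "WRITE": "high", "WRITE_ACP": "high", "FULL_CONTROL": "critical"}

def public_grants(acl):
    """Return (group, permission, severity) for each grant to a public group."""
    findings = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") == "Group" and grantee.get("URI") in PUBLIC_GROUPS:
            perm = grant["Permission"]
            findings.append((PUBLIC_GROUPS[grantee["URI"]], perm, SEVERITY[perm]))
    return findings

def acl_effective(pab):
    """A public ACL grant is live only while Block Public Access does not
    ignore it. BlockPublicAcls rejects *new* public ACLs; IgnorePublicAcls
    is the flag that neutralises grants already attached to objects."""
    cfg = pab.get("PublicAccessBlockConfiguration", {})
    return not cfg.get("IgnorePublicAcls", False)

def audit_object(acl, pab):
    """Which public grants exist, and whether they are actually reachable."""
    grants = public_grants(acl)
    return {"public_grants": grants,
            "effectively_public": bool(grants) and acl_effective(pab)}

# Constructed sample: an object after "Make public using ACL".
SAMPLE_ACL = {"Owner": {"ID": "EXAMPLE-CANONICAL-ID"}, "Grants": [
    {"Grantee": {"Type": "CanonicalUser", "ID": "EXAMPLE-CANONICAL-ID"},
     "Permission": "FULL_CONTROL"},
    {"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "READ"}]}
# Console default on a new bucket: every Block Public Access flag on.
DEFAULT_PAB = {"PublicAccessBlockConfiguration": {
    "BlockPublicAcls": True, "IgnorePublicAcls": True,
    "BlockPublicPolicy": True, "RestrictPublicBuckets": True}}
# After the walkthrough above: "Block all public access" unchecked.
OPEN_PAB = {"PublicAccessBlockConfiguration": {
    k: False for k in DEFAULT_PAB["PublicAccessBlockConfiguration"]}}
```

With the default settings the same public-read ACL is reported but not reachable; after the walkthrough it is both.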

This is how data security works in AWS S3.
