Sunday, July 12, 2020

Bucket Policy vs IAM Policy vs S3 ACL !

IAM Policies and Bucket Policies and ACLs! Oh, My! (Controlling Access to S3 Resources)

One of most commonly asked question and very confusing. I came across a blog from AWS, with great explanation on same. So though of sharing:

IAM policies vs. S3 bucket policies

IAM policies specify what actions are allowed or denied on what AWS resources (e.g. allow ec2:TerminateInstance on the EC2 instance with instance_id=i-8b3620ec). You attach IAM policies to IAM users, groups, or roles, which are then subject to the permissions you’ve defined. In other words, IAM policies define what a principal can do in your AWS environment.

S3 bucket policies, on the other hand, are attached only to S3 buckets. S3 bucket policies specify what actions are allowed or denied for which principals on the bucket that the bucket policy is attached to (e.g. allow user Alice to PUT but not DELETE objects in the bucket). S3 bucket policies are a type of access control list

No comments: