Last Updated: February 25, 2016
·
262
· mohangk

The very least you should know about controlling access to S3 resources

#s3
#aws

There are at least 3 different ways that permissions for a bucket can be setup

  1. by setting up permissions for the bucket in the users IAM setting
  2. by setting up a bucket policy
  3. by setting up ACLs for individual files and folders

When multiple permissions are set the final permission is the union of all the individual permissions, and in the case of overlaps the more restrictive policy applies.

We are moving towards only having permissions set via IAM, this way settings are centralized and hopefully reduces potential errors.

To strip ACLs off all items in a bucket, use s3cmd

s3cmd setacl s3://bucket/ --acl-private --recursive

For more information about s3 permissions refer to this blog post - http://blogs.aws.amazon.com/security/post/TxPOJBY6FE360K/IAM-policies-and-Bucket-Policies-and-ACLs-Oh-My-Controlling-Access-to-S3-Resourc

#s3
#aws

Written by Mohan Krishnan

Say Thanks
Respond

Related protips

Serving web fonts via AWS S3 and Cloudfront

46.06K
5

S3 Group policy for read-only access to only one bucket.

31.05K
3

Host a static site on Amazon S3, with custom domain and SSL

28.73K
0

Have a fresh tip? Share with Coderwall community!

Post
Post a tip
Best #S3 Authors
mikhailov
141.9K
#s3
tmilewski
45.92K
#s3
#Ruby
#Open Source
lukasz-madon
43.66K
#s3
#Python
#JavaScript
brockangelo
30.99K
#s3
#Open Source
#PHP
wallin
28.7K
#s3
#Javascript
#CoffeeScript
Related Tags
#s3
#aws
Sponsored by
#native_company#
#native_desc#
#native_cta#
Awesome Job
See All Jobs
Post a job for only $299
Thanks to our sponsor
Sponsored by #native_company# — Learn More
#native_title# #native_desc#
#native_cta#