S3 Security

User-Based Policies / Identity-Based Policies

  • They are attached to an IAM user, group, or role.
  • These policies let you specify what that identity can do (its permissions).
  • Identity-based policies can be managed or inline.

Resource-Based Policies

  • They are attached to a resource.
  • For example, you can attach resource-based policies to Amazon S3 buckets, Amazon SQS queues, and AWS Key Management Service encryption keys.
  • With resource-based policies, you can specify who has access to the resource and what actions they can perform on it.
  • Resource-based policies are inline only, not managed.

Bucket Policies

  • Bucket policies are used to grant permissions on your Amazon S3 resources.
  • They are written in the JSON-based access policy language.
  • In its most basic sense, a policy contains the following elements:
    • Resources
      • In a policy, you use the Amazon Resource Name (ARN) to identify the resource, such as buckets, objects, access points, and jobs.
    • Actions
      • You identify resource operations that you will allow (or deny) by using action keywords.
    • Effect
      • This can be either Allow or Deny.
    • Principal
      • This is the user, account, service, or other entity that is the recipient of this permission.

Block Public Access

  • The S3 Block Public Access feature provides settings for access points, buckets, and accounts to help you manage public access to Amazon S3 resources.
  • By default, new buckets, access points, and objects don't allow public access.
    • However, users can modify bucket policies, access point policies, or object permissions to allow public access.
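The following is an added worked example, not part of the original notes, covering both the Bucket Policies section (a policy built from the four elements Resource, Action, Effect, Principal) and the Block Public Access section (a check that flags statements granting access to everyone, which is the kind of policy the BlockPublicPolicy setting rejects). The bucket name, account ID and role name are constructed placeholders, and the public-access check is deliberately simplified: it treats any Condition as narrowing the grant, whereas AWS's own evaluation of what counts as "public" is more detailed.

```python
import json

# Constructed sample values (not from the notes); replace with your own.
BUCKET = "example-reports-bucket"
ACCOUNT_ID = "123456789012"

# The four basic elements every bucket-policy statement needs, per the notes.
REQUIRED_ELEMENTS = ("Effect", "Principal", "Action", "Resource")


def build_bucket_policy(bucket: str, account_id: str) -> dict:
    """Least-privilege bucket policy: one Allow scoped to a single IAM role,
    plus a Deny that refuses any request not made over TLS."""
    bucket_arn = f"arn:aws:s3:::{bucket}"
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "AllowReportReaderRoleGetObject",
                "Effect": "Allow",                         # Effect
                "Principal": {                             # Principal: a specific role, not "*"
                    "AWS": f"arn:aws:iam::{account_id}:role/ReportReaderRole"  # hypothetical role
                },
                "Action": ["s3:GetObject"],                # Action keyword(s)
                "Resource": f"{bucket_arn}/*",             # Resource identified by ARN
            },
            {
                "Sid": "DenyInsecureTransport",
                "Effect": "Deny",
                "Principal": "*",                          # wildcard is fine on a Deny
                "Action": "s3:*",
                "Resource": [bucket_arn, f"{bucket_arn}/*"],
                "Condition": {"Bool": {"aws:SecureTransport": "false"}},
            },
        ],
    }


# Constructed counter-example: a statement that makes every object world-readable.
PUBLIC_READ_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "PublicReadGetObject",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:GetObject",
            "Resource": f"arn:aws:s3:::{BUCKET}/*",
        }
    ],
}


def missing_elements(policy: dict) -> dict:
    """Map each statement's Sid (or index) to the basic elements it lacks."""
    problems = {}
    for i, stmt in enumerate(policy.get("Statement", [])):
        missing = [name for name in REQUIRED_ELEMENTS if name not in stmt]
        if missing:
            problems[stmt.get("Sid", f"Statement[{i}]")] = missing
    return problems


def _is_wildcard_principal(principal) -> bool:
    """True when the Principal means 'everyone' (anonymous access)."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS")
        return aws == "*" or (isinstance(aws, list) and "*" in aws)
    return False


def find_public_statements(policy: dict) -> list:
    """Return Sids of Allow statements with a wildcard Principal and no Condition.
    Simplified check: any Condition is assumed to narrow the grant."""
    public = []
    for i, stmt in enumerate(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        if not _is_wildcard_principal(stmt.get("Principal")):
            continue
        if stmt.get("Condition"):
            continue
        public.append(stmt.get("Sid", f"Statement[{i}]"))
    return public


if __name__ == "__main__":
    policy = build_bucket_policy(BUCKET, ACCOUNT_ID)
    print(json.dumps(policy, indent=2))
    print("missing elements:", missing_elements(policy))
    print("public statements (good policy):", find_public_statements(policy))
    print("public statements (bad policy): ", find_public_statements(PUBLIC_READ_POLICY))
```

Run the file to print the policy document and the two check results; the least-privilege policy yields no findings, while the constructed public-read policy is flagged by its Sid. The Deny statement uses a wildcard Principal on purpose: a Deny applied to everyone narrows access rather than widening it, so the check only inspects Allow statements.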