πŸ“ƒ
πŸ“ƒ
πŸ“ƒ
πŸ“ƒ
AWS SAA-C02
Search…
πŸ“ƒ
πŸ“ƒ
πŸ“ƒ
πŸ“ƒ
AWS SAA-C02
Practice Test Scores
Basics of IAM
Elastic Compute Cloud (EC2)
Overview
Security Groups
IP Addresses
User Data
Launch Types
Spot Instances
Instance Types
Amazon Machine Image (AMI)
Placement Groups
Elastic Network Interface (ENI)
Hibernate
Elastic Load Balancer (ELB)
Basic Terms
Elastic Load Balancing
Classic Load Balancer (CLB)
Application Load Balancer (ALB)
Network Load Balancer (NLB)
Stickiness
Cross Zone Load Balancing
SSL Certificates
Connection Draining/Deregistration Delay
Auto Scaling Groups (ASG)
Launch Configurations & Launch Templates
Overview
Dynamic Scaling and Scheduled Scaling
Lifecycle Hooks
Scaling Cooldowns
EC2 Storage (EBS, EFS, Instance Store)
Elastic Block Storage (EBS)
EBS Volume Types
EBS Snapshots
EBS Volume Migration
EBS Volume Encryption
EBS RAID configurations
Instance Store
Elastic File System (EFS)
EFS vs EBS
Relational Database Service (RDS)
RDS Overview
Running Databases on EC2
RDS Backups & RDS Restores
RDS Read Replicas
RDS Multi AZ
RDS Encryption
RDS IAM database authentication
Aurora
ElastiCache
Route53
Overview
DNS Record Types
Routing Policies
3rd Party Domains
Simple Storage Service (S3)
S3
Server-Side Encryption
S3 Security
Pre-signed URLs
S3 Websites
Cross-origin resource sharing (CORS)
Consistency Model
Advanced S3 & Athena
MFA Delete
Access Logs
Replication
Storage Classes
Lifecycle Configuration
Performance Optimization
Select and Glacier Select
Event Notifications
Object Lock and Glacier Lock
Athena Overview
CloudFront & Global Accelerator
CloudFront Overview
CloudFront Signed URL / Signed Cookies
Global Accelerator
Storage Gateway & FSx & Snowball/Snowmobile
Storage Gateway Overview
Storage Gateway File Gateway Hardware Appliance
FSx for Windows Servers
FSx for Lustre
Storage Comparison
Snowball/Snowmobile Overview
AWS Messaging
Simple Queue Service (SQS)
Overview
Message Visibility Timeout
Dead Letter Queues
Delay Queues
FIFO Queues
SQS + Auto Scaling Group
Simple Notification Service (SNS)
Overview
SNS & SQS - Fan Out Pattern
Kinesis + MQ
Kinesis
Amazon MQ
Serverless
Lamda Overview
[email protected]
DynamoDB Overview
DynamoDB RCUs and WCUs
DynamoDB Advanced Features
API Gateway Overview
API Gateway Security
Cognito Overview
AWS SAM (Serverless Application Model)
Databases & Analytics
Databases
Analytics
Monitoring
CloudWatch Concepts
CloudWatch Logs
CloudWatch Agent
EC2 Instance Recovery
CloudWatch Events
CloudTrail
Config
Mini Security Lesson
IAM Policies
Authorization
IAM Conditions
IAM for S3 Resources
IAM Permission Boundaries
Security & Management
Security Token Service (STS)
Identity Federation in AWS
Directory Service
Organizations
Resource Access Manager (RAM)
Single Sign On (SSO)
Security & Encryption
Encryption Overview
KMS Overview
SSM Parameter Store Overview
Secrets Manager Overview
CloudHSM
Shield
Web Application Firewall (WAF) Overview
Virtual Private Cloud (VPC)
Networking for VPCs
Default VPC Overview
VPC Overview
VPC Subnets
Internet Gateways & Route Tables
NAT Instances
NAT Gateways
DNS support in your VPC
NACLs vs Security Groups
VPC Peering
VPC Endpoints
VPC Flow Logs
Bastion Hosts
Site to Site VPN
Direct Connect
Egress-only Internet Gateway
AWS PrivateLink
AWS ClassicLink
VPN CloudHub
Transit Gateway
Disaster Recovery & Migrations
Plan for Disaster Recovery
Database Migration Service (DMS)
Migration Services
DataSync Overview
Other Services
Overview of Other Services
Powered By GitBook
S3 Security

User-Based Policies/Identity-based policies

  • They are attached to an IAM user, group, or role.
  • These policies let you specify what that identity can do (its permissions).
  • Identity-based policies can be managed or inline.

Resource-Based Policies

  • They are attached to a resource.
  • For example, you can attach resource-based policies to Amazon S3 buckets, Amazon SQS queues, and AWS Key Management Service encryption keys.
    ​
  • With resource-based policies, you can specify who has access to the resource and what actions they can perform on it.
  • Resource-based policies are inline only, not managed.

Bucket Policies

  • Bucket policies are used to grant permission to your Amazon S3 resources.
  • They use JSON-based access policy language.
  • In its most basic sense, a policy contains the following elements:
    • Resources
      • In a policy, you use the Amazon Resource Name (ARN) to identify the resource, such as buckets, objects, access points, and jobs.
    • Actions
      • You identify resource operations that you will allow (or deny) by using action keywords.
    • Effect
      • This can be either allow or deny.
    • Principal
      • This is the user, account, service, or other entity that is the recipient of this permission.

Block Public Access

  • The S3 Block Public Access feature provides settings for access points, buckets, and accounts to help you manage public access to Amazon S3 resources.
  • By default, new buckets, access points, and objects don't allow public access.
    • However, users can modify bucket policies, access point policies, or object permissions to allow public access.
Simple Storage Service (S3) - Previous
Server-Side Encryption
Next - Simple Storage Service (S3)
Pre-signed URLs
Last modified 11mo ago
Copy link
Contents
User-Based Policies/Identity-based policies
Resource-Based Policies
Bucket Policies
Block Public Access