AWS CCP Notes by Karan Singh

S3 Security

Last updated 4 years ago

User Based Policies

IAM Policies:
  • Attached to an IAM user or group to allow or deny what that user can do with the S3 bucket. For example, one person might have read and write access while another has read-only access.

Resource Based Policies

Bucket Policy:
  • JSON-based policy (similar to IAM policies).
  • Contains: Resources (which buckets and objects the policy applies to), Actions (which permissions you want to allow or deny), Effect (whether you want to 'allow' or 'deny' them), and Principal (who you are defining all of this for, e.g. an account, a user, a service, etc.).
  • Defines who can access the bucket: you can grant public access with the bucket policy, or grant another AWS account access to the bucket (known as cross-account access).
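As an added example (not part of the original notes), the Python below reads a constructed bucket policy and labels each statement by its Effect and Principal, separating public grants from cross-account grants. The bucket name, account IDs and label strings are assumptions made for this illustration.

```python
import json

# Constructed sample: bucket name and account IDs are placeholders.
OWNER_ACCOUNT = "999988887777"
SAMPLE_POLICY = json.loads("""
{"Version": "2012-10-17", "Statement": [
  {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
   "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"},
  {"Sid": "CrossAccountList", "Effect": "Allow",
   "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
   "Action": ["s3:ListBucket"], "Resource": "arn:aws:s3:::example-bucket"},
  {"Sid": "DenyDelete", "Effect": "Deny", "Principal": "*",
   "Action": "s3:DeleteObject", "Resource": "arn:aws:s3:::example-bucket/*"}
]}
""")

def as_list(value):
    """Policy fields may hold a single value or a list of values."""
    return value if isinstance(value, list) else [value]

def principal_ids(stmt):
    """Flatten the Principal element into a list of principal strings."""
    principal = stmt.get("Principal", {})
    if isinstance(principal, str):  # "*" means anyone
        return [principal]
    return [p for values in principal.values() for p in as_list(values)]

def account_of(principal):
    """Return the 12-digit account ID from an ARN or bare ID, else None."""
    parts = principal.split(":")
    candidate = parts[4] if principal.startswith("arn:") and len(parts) > 4 else principal
    return candidate if candidate.isdigit() and len(candidate) == 12 else None

def classify(stmt, owner_account):
    """Label a statement: deny, public, cross-account or same-account-or-service."""
    if stmt["Effect"] != "Allow":
        return "deny"
    ids = principal_ids(stmt)
    if "*" in ids:
        # Simplification: a Condition can narrow "*", so flag it for manual review.
        return "public-with-condition" if "Condition" in stmt else "public"
    accounts = {account_of(p) for p in ids}
    return "cross-account" if accounts - {owner_account, None} else "same-account-or-service"

def audit(policy, owner_account):
    """Return (Sid, label, actions) for every statement in the policy."""
    return [(s.get("Sid", "?"), classify(s, owner_account), as_list(s["Action"]))
            for s in as_list(policy["Statement"])]
```

Calling `audit(SAMPLE_POLICY, OWNER_ACCOUNT)` returns one tuple per statement, so a reviewer can see at a glance which statements open the bucket to everyone and which only extend it to a named account.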

Access Control Lists:
  • Much less common, and not recommended as much as bucket policies.

Encryption

  • Can encrypt objects in S3 with encryption keys to ensure that only you can read the data.

Resource X, Y and Z could be different buckets and it shows how it works.