Menu
Amazon Simple Storage Service
Console User Guide

How Do I Set ACL Bucket Permissions?

If you are in the old Amazon S3 console, to use the new console, choose Opt In in the following box, which appears on the old Amazon S3 console home page. Note that Opt In is not available in all Regions.  


                            Opt-in to new Amazon S3 console UI

This section explains how to use the Amazon Simple Storage Service (Amazon S3) console to manage access permissions for S3 buckets by using access control lists (ACLs). ACLs are resource-based access policies that grant access permissions to buckets and objects. For more information about managing access permissions with resource-based policies, see Overview of Managing Access in the Amazon Simple Storage Service Developer Guide.

In addition to granting permissions to your own AWS account, you can grant permissions to other AWS account users or to predefined groups. The user or group that you are granting permissions to is called the grantee. By default, the owner, which is the AWS account that created the bucket, has full permissions.

Each permission you grant for a user or group adds an entry in the ACL associated with the bucket. The ACL lists grants, which identify the grantee and the permission granted. For more information about ACLs, see Managing Access with ACLs in the Amazon Simple Storage Service Developer Guide.

To set ACL access permissions for an S3 bucket

  1. Sign in to the AWS Management Console and open the Amazon S3 console at https://console.aws.amazon.com/s3/.

  2. In the Bucket name list, choose the name of the bucket that you want to set permissions for.

  3. Choose Permissions.

  4. You can Manage Users or Manage Public Permissions.

    • To grant permissions to an AWS user from a different AWS account, under Manage users choose Add users. In the Enter an ID or email field, type an email address or the canonical ID of the AWS user that you want to grant bucket permissions to. The email address must be the same one that the user gave when signing up for an AWS account. For information on finding a canonical ID, see AWS Account Identifiers in the Amazon Web Services General Reference. You can add as many as 99 users.

      Select the check boxes next to the permissions that you want to grant to the user, and then choose Save. To display information about the permissions, choose the help icons.

    • To give public access to your bucket, under Manage public permissions, choose one of the following predefined groups:

      • Any authenticated AWS user–This group represents all AWS accounts worldwide. Access permission to this group allows any authenticated AWS account user to access the objects in the bucket.

      • Everyone–Access permission to this group allows anonymous access, which means that anyone in the world can access the bucket.

      To display information about the permissions, choose the help icons.

      Select the check boxes for the permissions that you want to grant to the user, and then choose Save.

More Info