Identity and access management in Amazon S3
By default, all Amazon S3 resources—buckets, objects, and related subresources (for example, lifecycle configuration and website configuration)—are private. Only the resource owner, the AWS account that created it, can access the resource. The resource owner can optionally grant access permissions to others by writing an access policy.
Amazon S3 offers access policy options broadly categorized as resource-based policies and user policies. Access policies that you attach to your resources (buckets and objects) are referred to as resource-based policies. For example, bucket policies and access control lists (ACLs) are resource-based policies. You can also attach access policies to users in your account. These are called user policies. You can choose to use resource-based policies, user policies, or some combination of these to manage permissions to your Amazon S3 resources. The following sections provide general guidelines for managing permissions in Amazon S3.
For more information about managing access to your Amazon S3 objects and buckets, see the topics below.
Topics
- Overview of managing access
- Access policy guidelines
- How Amazon S3 authorizes a request
- Bucket policies and user policies
- Managing access with ACLs
- Using cross-origin resource sharing (CORS)
- Blocking public access to your Amazon S3 storage
- Managing data access with Amazon S3 access points
- Reviewing bucket access using Access Analyzer for S3
- Controlling ownership of uploaded objects using S3 Object Ownership
- Verifying bucket ownership with bucket owner condition