S3 Security
Securing your buckets
- By default, all newly created buckets are PRIVATE
- Only the owner of the bucket gets access and its contents
- Only the owner can upload new files, read files, delete, etc
- No public access by default
You can set up access control to your buckets using:
- Bucket policies - applied at bucket level
- Written in JSON
- Javascript notation language
- Written in JSON
- Access control lists - applied at an object level
- Apply different permissions for different objects
- Define which accounts or groups are granted access
- As well as type of access
- Situations where you want different permissions for different objects for different users
- S3 buckets can be configured to create access logs, which log all requests made to the S3 bucket
- These logs can be written to another bucket