04/12/2022 12:53 | Category: aws

Tags: s3, certification, developer_associate

Securing S3 buckets

By default, S3 buckets are fairly secure.

Default settings

  1. Private - all newly created buckets are private
  2. Bucket owner - only the bucket owner can upload new files, read files, delete, etc.
  3. No public access - no public (anonymous) access is allowed

Opening up default settings

  1. Bucket policies
    1. Applied at a bucket level - permissions are applied to all objects in the bucket
    2. Not individual objects - can't attach a bucket policy to an individual object
    3. Groups of files - files that need to be accessed by the same people
      1. Example: All users in a team need access to the same objects
    4. The format of a bucket policy is similar to an IAM policy document
  2. Bucket access control lists (ACLs)
    1. Access control lists - applied at an object level, with different permissions for different objects
    2. Grant access to objects - defined by account or groups with different access types
    3. Fine grained control - different access types granted to different objects in the same bucket
      1. Example: Set some objects for read access by user or group, account, etc.
    4. Allows S3 access logs to be enabled (disabled by default) - logs information on every object request
      1. Logs can be written to a separate S3 bucket
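As an added example (not part of the original note), the script below puts the two mechanisms above side by side: it builds a bucket-level policy in the IAM policy-document format that grants a team's IAM roles read access to every object, and it checks both a bucket policy and an ACL document for grants that reopen the default no-public-access posture. The account ID, bucket name and role names are constructed placeholders; the policy and ACL shapes are the standard S3 formats.

```python
import json

# Constructed placeholders: the account ID, bucket name and role names are not real.
ACCOUNT_ID = "123456789012"
BUCKET = "example-team-bucket"
TEAM_ROLES = ["TeamAnalyst", "TeamEngineer"]

# Well-known S3 ACL group URIs that mean "everyone" or "any AWS account".
PUBLIC_ACL_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}


def team_read_policy(bucket, account_id, role_names):
    """Bucket policy letting the named IAM roles list the bucket and read every
    object in it. Bucket policies apply to the whole bucket, so the object
    statement uses the bucket ARN with a /* suffix rather than naming objects."""
    principals = [f"arn:aws:iam::{account_id}:role/{name}" for name in role_names]
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "TeamListBucket",
                "Effect": "Allow",
                "Principal": {"AWS": principals},
                "Action": "s3:ListBucket",
                "Resource": f"arn:aws:s3:::{bucket}",
            },
            {
                "Sid": "TeamReadObjects",
                "Effect": "Allow",
                "Principal": {"AWS": principals},
                "Action": "s3:GetObject",
                "Resource": f"arn:aws:s3:::{bucket}/*",
            },
        ],
    }


def _principal_is_anonymous(principal):
    """True if a Principal element grants to everyone ("*" or {"AWS": "*"})."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS", [])
        return "*" in ([aws] if isinstance(aws, str) else aws)
    return False


def public_policy_statements(policy):
    """Sids of Allow statements that grant to an anonymous principal with no
    Condition narrowing them. Conditioned grants still deserve review, but only
    the unconditional case is flagged here."""
    findings = []
    for i, stmt in enumerate(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow" or stmt.get("Condition"):
            continue
        if _principal_is_anonymous(stmt.get("Principal")):
            findings.append(stmt.get("Sid", f"statement[{i}]"))
    return findings


def public_acl_grants(acl):
    """(group URI, permission) pairs in an ACL document that grant to the
    AllUsers or AuthenticatedUsers groups. ACLs are per object (or per bucket),
    so this is run against each object's ACL rather than once per bucket."""
    return [
        (g["Grantee"]["URI"], g["Permission"])
        for g in acl.get("Grants", [])
        if g.get("Grantee", {}).get("Type") == "Group"
        and g["Grantee"].get("URI") in PUBLIC_ACL_GROUPS
    ]


# Constructed "before" documents: a world-readable bucket policy and a
# world-readable object ACL, the two ways the secure defaults get opened up.
PUBLIC_READ_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
                   "Action": "s3:GetObject", "Resource": f"arn:aws:s3:::{BUCKET}/*"}],
}
PUBLIC_READ_ACL = {
    "Owner": {"ID": "constructed-owner-canonical-id"},
    "Grants": [
        {"Grantee": {"Type": "CanonicalUser", "ID": "constructed-owner-canonical-id"},
         "Permission": "FULL_CONTROL"},
        {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
         "Permission": "READ"},
    ],
}

if __name__ == "__main__":
    policy = team_read_policy(BUCKET, ACCOUNT_ID, TEAM_ROLES)
    print(json.dumps(policy, indent=2))
    print("public statements in team policy:", public_policy_statements(policy))
    print("public statements in PUBLIC_READ_POLICY:", public_policy_statements(PUBLIC_READ_POLICY))
    print("public grants in PUBLIC_READ_ACL:", public_acl_grants(PUBLIC_READ_ACL))
```

The team policy names specific role ARNs as principals, which is what keeps it within the "bucket owner decides who can read" default; the two check functions are the kind of thing to run over policies and ACLs pulled from an account, since a single `"Principal": "*"` statement or an `AllUsers` grant is enough to expose the data regardless of how private the bucket was when created.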