AWS S3 bucket policy
- Bucket policies are one of the policy options available for granting permissions to S3 resources.
- A bucket policy is a JSON document.
- Structure of a bucket policy (the keys are "Action" and "Resource", both of which may be a single string or a list):
{
  "Version": "",
  "Id": "",
  "Statement": [
    {
      "Sid": "",
      "Effect": "Allow|Deny",
      "Principal": {
        "AWS": <ARN>
      },
      "Action": [
      ],
      "Resource": [
      ]
    }
  ]
}
- Refer Here for the actions, resource types, and condition keys.
- To create or edit a bucket policy:

- Sample bucket policy:
{
  "Version": "2012-10-17",
  "Id": "Policy1622605772735",
  "Statement": [
    {
      "Sid": "Stmt1622605767542",
      "Effect": "Allow",
      "Principal": "*",
      "Action": "s3:GetObject",
      "Resource": [
        "arn:aws:s3:::qts3inclass/contents/*",
        "arn:aws:s3:::qts3inclass/documents/*"
      ]
    }
  ]
}
- Exercise:
  - Ensure you have a bucket with two folders.
  - Create a bucket policy that allows all principals to access the objects in one folder and denies access to the objects in the other folder.
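The exercise above, worked through as an added Python example that is not part of the original notes: it builds the allow-one-folder/deny-the-other bucket policy and includes a simplified evaluator showing why the explicit Deny wins. The bucket name qts3inclass comes from the sample policy; the folder names, Sid values and policy Id are assumed.

```python
import json
from fnmatch import fnmatchcase

def build_folder_policy(bucket, allowed_prefix, denied_prefix):
    """Bucket policy: any principal may read objects under allowed_prefix,
    and every principal is explicitly denied reading objects under
    denied_prefix. Prefixes are folder names without slashes."""
    return {
        "Version": "2012-10-17",
        "Id": "FolderAccessPolicy",  # constructed policy id
        "Statement": [
            {
                "Sid": "AllowReadOfOneFolder",  # constructed Sid
                "Effect": "Allow",
                "Principal": "*",
                "Action": "s3:GetObject",
                "Resource": f"arn:aws:s3:::{bucket}/{allowed_prefix}/*",
            },
            {
                "Sid": "DenyReadOfOtherFolder",  # constructed Sid
                "Effect": "Deny",
                "Principal": "*",
                "Action": "s3:GetObject",
                "Resource": f"arn:aws:s3:::{bucket}/{denied_prefix}/*",
            },
        ],
    }

def policy_json(policy):
    """Serialise the policy as the JSON document S3 expects."""
    return json.dumps(policy, indent=2)

def _as_list(value):
    return value if isinstance(value, list) else [value]

def evaluate(policy, action, resource_arn):
    """Simplified evaluation for an anonymous ("*") principal: an explicit
    Deny overrides any Allow, and a request matching no statement is
    implicitly denied. Like IAM wildcards, '*' here also matches '/'."""
    decision = "ImplicitDeny"
    for stmt in policy["Statement"]:
        if stmt["Principal"] != "*":
            continue  # only "*" statements apply to an anonymous request
        if not any(fnmatchcase(action, a) for a in _as_list(stmt["Action"])):
            continue
        if not any(fnmatchcase(resource_arn, r) for r in _as_list(stmt["Resource"])):
            continue
        if stmt["Effect"] == "Deny":
            return "ExplicitDeny"
        decision = "Allow"
    return decision
```

A Deny whose Principal is "*" applies to every principal, including IAM users and roles in the bucket owner's own account, so scope the denied prefix carefully. The account's and bucket's Block Public Access settings must also permit the public Allow statement before it takes effect.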
ACL
- S3 ACLs enable us to manage access to buckets and objects.
- Each bucket and object has an ACL attached to it as a subresource.
- The ACL defines which AWS accounts or groups are granted access.
- Grantee: a grantee can be an AWS account or one of the predefined S3 groups.
- Amazon S3 predefined groups:
  - Authenticated Users group
  - All Users group
  - Log Delivery group
- ACL Permissions:
- READ
- WRITE
- READ_ACP
- WRITE_ACP
- FULL_CONTROL
AWS S3 CLI
- To delete all the buckets one by one, Refer Here
- Using the AWS CLI to create a bucket with cross-region replication enabled:
  - Ensure you have executed Refer Here
- JSON and YAML tutorial: Refer Here
