AWS Developer Certification - S3 permissions


IAM policies vs. S3 bucket policies vs. S3 ACLs

IAM policies

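- JSON documents that allow or deny a principal's access to resources identified by ARN

- use when you prefer centralized permissions, instead of spreading them between IAM and S3

- use when you would otherwise have to maintain a large number of S3 bucket policies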

S3 bucket policies

- JSON documents that allow or deny a principal's access to resources identified by ARN

- use when you want a simple way to grant cross-account access to your S3 environment without using IAM roles

- use when you prefer to keep access control policies in S3
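
Because a bucket policy can grant cross-account access without any IAM role, it is worth checking which statements reach beyond the bucket owner's account. The following is an added example, not part of the original notes: the function names, account IDs and bucket name are constructed placeholders, and the check deliberately ignores Condition and NotPrincipal.

```python
import json

def account_of(principal):
    """Account ID from an IAM ARN, or the value itself if it is a bare account ID."""
    return principal.split(":")[4] if principal.startswith("arn:") else principal

def external_grants(policy_json, owner_account_id):
    """List (sid, principal, kind) for Allow statements reaching beyond the owner account.

    Only Principal "*" and Principal.AWS are examined; Condition and NotPrincipal
    are ignored, so a finding means "review this statement", not "this is exposed".
    """
    statements = json.loads(policy_json).get("Statement", [])
    if isinstance(statements, dict):  # a lone statement may be a bare object
        statements = [statements]
    findings = []
    for i, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", f"statement-{i}")
        principal = stmt.get("Principal", {})
        aws = ["*"] if principal == "*" else principal.get("AWS", [])
        if isinstance(aws, str):
            aws = [aws]
        for p in aws:
            if p == "*":
                findings.append((sid, p, "public"))
            elif account_of(p) != owner_account_id:
                findings.append((sid, p, "cross-account"))
    return findings

# Constructed sample: account IDs and bucket name are placeholders.
OWNER = "111122223333"
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "OwnerApp", "Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::111122223333:role/app"},
         "Action": "s3:*", "Resource": "arn:aws:s3:::example-bucket/*"},
        {"Sid": "PartnerRead", "Effect": "Allow",
         "Principal": {"AWS": ["arn:aws:iam::444455556666:root"]},
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"},
        {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/public/*"},
        {"Sid": "DenyInsecure", "Effect": "Deny", "Principal": "*",
         "Action": "s3:*", "Resource": "arn:aws:s3:::example-bucket/*",
         "Condition": {"Bool": {"aws:SecureTransport": "false"}}},
    ],
})
```

Calling `external_grants(SAMPLE_POLICY, OWNER)` reports the partner account and the public statement, and skips both the same-account role and the Deny statement.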

S3 ACLs

- basic read/write permissions

- grantees: your own account, another AWS account by canonical user ID, or public access

- a legacy access control mechanism that predates IAM

- applied to both the bucket and its objects

- Bucket and object permissions are independent of each other

- An object does not inherit the permissions from its bucket.

IAM Policies and Bucket Policies and ACLs! Oh, My! (Controlling Access to S3 Resources) | Amazon Web Services
