Amazon Simple Storage Service
Developer Guide (API Version 2006-03-01)

Access Control

Amazon S3 enables you to manage access to objects and buckets using access control lists (ACLs), bucket policies and IAM policies. You can use them independently or together. This section describes all three.

An ACL is a list of grants. A grant consists of one grantee and one permission to access Amazon S3 resources (buckets and objects). ACLs only grant permissions; they do not deny them. ACLs can contain the following grantee types:

  • Specific AWS accounts

  • All AWS accounts

  • Any anonymous request
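To review which of these grantee types an ACL actually contains, the following added example (not part of the original guide) parses an ACL document and labels each grant. The `AccessControlPolicy` XML layout and the two group URIs are those of the S3 REST API rather than this page; the sample ACL and its IDs are constructed placeholders, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

NS = {"s3": "http://s3.amazonaws.com/doc/2006-03-01/"}
GROUPS = "http://acs.amazonaws.com/groups/global/"
GROUP_URIS = {GROUPS + "AuthenticatedUsers": "all AWS accounts",
              GROUPS + "AllUsers": "any anonymous request"}

# Constructed sample ACL document; the IDs are placeholders, not real accounts.
SAMPLE_ACL = """\
<AccessControlPolicy xmlns="http://s3.amazonaws.com/doc/2006-03-01/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <Owner><ID>EXAMPLE-OWNER-CANONICAL-ID</ID></Owner>
  <AccessControlList>
    <Grant>
      <Grantee xsi:type="CanonicalUser"><ID>EXAMPLE-OWNER-CANONICAL-ID</ID></Grantee>
      <Permission>FULL_CONTROL</Permission>
    </Grant>
    <Grant>
      <Grantee xsi:type="Group"><URI>http://acs.amazonaws.com/groups/global/AuthenticatedUsers</URI></Grantee>
      <Permission>WRITE</Permission>
    </Grant>
    <Grant>
      <Grantee xsi:type="Group"><URI>http://acs.amazonaws.com/groups/global/AllUsers</URI></Grantee>
      <Permission>READ</Permission>
    </Grant>
  </AccessControlList>
</AccessControlPolicy>
"""

def classify_grants(acl_xml):
    """Return (grantee_type, grantee, permission) for every grant in the ACL."""
    grants = []
    for grant in ET.fromstring(acl_xml).iterfind(".//s3:Grant", NS):
        grantee = grant.find("s3:Grantee", NS)
        uri = (grantee.findtext("s3:URI", namespaces=NS) or "").strip()
        if uri:  # a predefined group rather than a named account
            kind, who = GROUP_URIS.get(uri, "other group"), uri
        else:  # canonical user ID or e-mail address: one specific account
            kind, who = "specific AWS account", (grantee.findtext("s3:ID", namespaces=NS)
                or grantee.findtext("s3:EmailAddress", namespaces=NS) or "").strip()
        grants.append((kind, who, grant.findtext("s3:Permission", namespaces=NS)))
    return grants

def broad_grants(acl_xml):
    """Grants whose grantee is a group, i.e. not limited to named accounts."""
    return [g for g in classify_grants(acl_xml) if g[0] != "specific AWS account"]

if __name__ == "__main__":
    for kind, who, perm in classify_grants(SAMPLE_ACL):
        print(f"{perm:<13} {kind:<22} {who}")
```

Because ACLs only grant and never deny, every entry returned by `broad_grants` is access that remains in effect until the grant itself is removed from the ACL.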

Bucket policies provide access control management at the bucket level for both a bucket and the objects in it. Bucket policies are a collection of JSON statements written in the access policy language. The policies provide a fine granularity of access control for Amazon S3 resources. The policies also allow you to set permissions for a large number of objects with one statement.

AWS Identity and Access Management (IAM) enables you to create multiple users within your AWS account and manage their permissions via IAM policies. These policies are attached to the users, enabling centralized control of permissions for users under your AWS account. Note that bucket policies are attached to a bucket and the IAM policies are attached to individual users in your account.