CLOUD LABS
Managing Data Access with Amazon S3 Access Points
In this Cloud Lab, you’ll learn to manage data access with Amazon S3 Access Points and learn to use a Lambda function to configure an S3 Object Lambda Access Point.
intermediate
Learning Objectives
Amazon S3 Access Points are a part of Amazon’s cloud storage, making it easier for users to handle and manage data. With this service, you can have better control over who accesses your data and how. With the increasing demands for secure and efficient data storage and retrieval, learning this service can distinguish you from the rest.
In this Cloud Lab, you’ll explore the fundamental features of Amazon S3 Access Points. You’ll start by setting up an Amazon S3 bucket for document storage and establishing two distinct access points: one bound to a specific VPC and another that is universally accessible. You’ll then apply the access point policy to restrict direct access to the S3 bucket. Next, you’ll learn to use AWS S3 Object Lambda Access Points, a feature that dynamically accesses, processes, and returns the transformed data.
After completing this Cloud Lab, you’ll have a thorough understanding of Amazon S3 Access Points and their role in managing data access. You’ll also gain the skills to manage the data access of the S3 bucket and advance your career as a cloud developer.
The following is the high-level architecture diagram of the infrastructure that you’ll create in this Cloud Lab:
Frequently Asked Questions
What are the two ways to control access to the S3 buckets?
The two ways to control access to the S3 buckets are as follows:
- Identity-based policies: Attach policies to IAM users, groups, or roles to manage their access to S3 resources.
- Resource-based policies: Attach policies directly to S3 buckets (bucket policies) to define which principals (accounts, users, roles) can access the bucket and the permitted actions.
A third and traditional way to control access to S3 was access control lists (ACLs), but now, AWS recommends disabling ACLs and using policies for more granular and manageable access control.
What is S3 DataAccessPointAccount?
The DataAccessPointAccount is a condition key used in IAM policies to match the AWS account ID of the owner of an S3 Access Point. It helps specify conditions under which certain actions are allowed or denied based on the access point’s owning account.
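As an added example (not part of the lab's own material), the Python below builds the bucket policy pattern AWS documents for delegating access control to access points with the s3:DataAccessPointAccount condition key, then audits a policy for Allow statements that still permit direct bucket access. The account ID, bucket name, role name, and function names are constructed placeholders, and the audit only inspects StringEquals conditions.

```python
import json

CONDITION_KEY = "s3:DataAccessPointAccount"

def delegation_policy(bucket, account_id):
    """Bucket policy that allows a request only when it arrives through an
    access point owned by account_id (the access point policy then decides)."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "DelegateToAccessPoints",
            "Effect": "Allow",
            "Principal": {"AWS": "*"},
            "Action": "*",
            "Resource": [f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"],
            "Condition": {"StringEquals": {CONDITION_KEY: account_id}},
        }],
    }

def _as_list(value):
    return value if isinstance(value, list) else [value]

def direct_access_allows(policy, account_id):
    """Return the Sid of every Allow statement that is NOT limited to access
    points owned by account_id, i.e. one that still permits direct bucket access."""
    findings = []
    for index, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        string_equals = stmt.get("Condition", {}).get("StringEquals", {})
        # Condition key names are not case-sensitive in IAM policies.
        owners = [v for k, vals in string_equals.items()
                  if k.lower() == CONDITION_KEY.lower() for v in _as_list(vals)]
        if not owners or any(o != account_id for o in owners):
            findings.append(stmt.get("Sid", f"Statement[{index}]"))
    return findings

# Constructed sample: placeholder account ID and bucket name, not from the lab.
ACCOUNT_ID = "111122223333"
sample_policy = delegation_policy("example-docs-bucket", ACCOUNT_ID)
sample_policy["Statement"].append({   # leftover statement granting direct access
    "Sid": "LegacyDirectRead",
    "Effect": "Allow",
    "Principal": {"AWS": f"arn:aws:iam::{ACCOUNT_ID}:role/reporting"},
    "Action": "s3:GetObject",
    "Resource": "arn:aws:s3:::example-docs-bucket/*",
})

if __name__ == "__main__":
    print(json.dumps(sample_policy, indent=2))
    print("Allows direct access:", direct_access_allows(sample_policy, ACCOUNT_ID))
```
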
Why use an S3 access point?
S3 Access Points simplify managing data access at scale for shared datasets by eliminating the need for a single, complex bucket policy with numerous permission rules. They also provide unique hostnames for direct access and support VPC restrictions for private access.
What is the use of ACL in S3?
Access control lists (ACLs) in Amazon S3 grant basic read/write permissions to other AWS accounts. However, AWS recommends disabling ACLs and using policies for access management, as policies offer more comprehensive and manageable access controls.
Copyright ©2025 Educative, Inc. All rights reserved.