Set up Bucket and Object Permissions

Learn about several ways to allow or restrict access to a bucket and its objects.

After data upload, we need to ask ourselves, “Is our data secure from any unauthorized access, and if not, how do we restrict the access?”.

By default, AWS only allows the resource owner or the account owner access to resources. This means all created resources are private by default.

In case we need to provide access to the bucket to other services or users, there are multiple access management features available in S3 that allow authorized access.

AWS recommends following the principle of least privilege while granting permissions. This means we only grant permissions that are necessary to perform any specific task instead of granting full access rights.

Access management features in S3

  • AWS IAM (Identity and Access Management)
  • Bucket policies
  • Access control list (ACL)

Block public access

To block public access to the whole S3 bucket, we can enable “Block public access” permissions. However, it’s enabled by default whenever a bucket is created. This blocks all public/anonymous access to a bucket and its objects.

“Block public access” can either be enabled at the account level or at the bucket level. If we enable it at the account level, all bucket level permissions are overridden.

The steps to manage “Block public access (bucket settings)” are listed below: Navigate to the S3 console and choose an S3 bucket. Go to the “Permissions” tab and navigate to “Block public access (bucket settings).” Select the desired option.

Get hands-on with 1400+ tech skills courses.