Understand Bucket Policies
Learn more about managing permissions using bucket policies.
To provide access to a bucket and its objects, we create a resource-based policy which, in this case, is a bucket policy attached to a particular S3 bucket resource. The access can be provided to an AWS user, account, role, or service.
The components of a bucket policy
An S3 bucket policy can be created in JSON. Its main components are as follows:
- Resources: These are AWS S3 resources to which we provide access-based permissions.
- Actions: We can provide permission to perform any particular action on an S3 bucket, such as `s3:GetObject`.
- Effect: We can apply either the `Allow` or `Deny` effect when an action is requested on the resource.
- Principal: This lists the AWS user, account, service, or role to which the set of permissions is being provided.
Sample bucket policy
To understand bucket policy better, have a look at the sample bucket policy below. It provides an AWS user permission to perform the `s3:GetObject`, `s3:PutObject`, and `s3:ListBucket` actions on an S3 bucket:
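The following is an added example, not the page's original sample: it builds a policy with the four components above and runs a simplified check that each action is paired with a resource it can match (`s3:ListBucket` applies to the bucket ARN, while `s3:GetObject` and `s3:PutObject` apply to object ARNs). The bucket name, account ID, user name, and the `build_policy` and `lint` helpers are assumptions made for illustration.

```python
import json

BUCKET = "example-bucket"  # assumed placeholder bucket name
USER_ARN = "arn:aws:iam::111122223333:user/example-user"  # assumed placeholder principal

# Object-level actions match object ARNs (bucket/*); bucket-level ones match the bucket ARN.
OBJECT_ACTIONS = {"s3:GetObject", "s3:PutObject"}
BUCKET_ACTIONS = {"s3:ListBucket"}

def build_policy(bucket, principal_arn):
    """Return a bucket policy granting Get/Put on objects and List on the bucket."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Sid": "ObjectAccess", "Effect": "Allow",
             "Principal": {"AWS": principal_arn},
             "Action": ["s3:GetObject", "s3:PutObject"],
             "Resource": f"arn:aws:s3:::{bucket}/*"},
            {"Sid": "ListBucket", "Effect": "Allow",
             "Principal": {"AWS": principal_arn},
             "Action": "s3:ListBucket",
             "Resource": f"arn:aws:s3:::{bucket}"},
        ],
    }

def as_list(value):
    """Policy fields may be a single value or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]

def lint(policy):
    """Flag action/resource mismatches and Allow statements with a wildcard Principal."""
    findings = []
    for st in as_list(policy["Statement"]):
        sid = st.get("Sid", "<no Sid>")
        resources = as_list(st["Resource"])
        has_object_arn = any("/" in r.split(":::", 1)[-1] for r in resources)
        has_bucket_arn = any("/" not in r.split(":::", 1)[-1] for r in resources)
        for action in as_list(st["Action"]):
            if action in OBJECT_ACTIONS and not has_object_arn:
                findings.append(f"{sid}: {action} needs an object ARN (bucket/*)")
            if action in BUCKET_ACTIONS and not has_bucket_arn:
                findings.append(f"{sid}: {action} needs the bucket ARN")
        if st["Effect"] == "Allow" and st.get("Principal") in ("*", {"AWS": "*"}):
            findings.append(f"{sid}: Allow with wildcard Principal")
    return findings

if __name__ == "__main__":
    policy = build_policy(BUCKET, USER_ARN)
    print(json.dumps(policy, indent=2))  # the JSON document to attach to the bucket
    print(lint(policy) or "no findings")
```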