Understand Bucket Policies

Learn more about managing permissions using bucket policies.

We'll cover the following

The components of a bucket policy
- Sample bucket policy
Add a bucket policy using the AWS CLI
Delete the bucket policy using the AWS CLI

To provide access to a bucket and its objects, we create a resource-based policy which, in this case, is a bucket policy attached to a particular S3 bucket resource. The access can be provided to an AWS user, account, role, or service.

The components of a bucket policy

An S3 bucket policy can be created in JSON. Its main components are as follows:

Resources: These are AWS S3 resources to which we provide access-based permissions.
Actions: We can provide permission to perform any particular action on an S3 bucket, such as s3:GetObject.
Effect: We can apply either the Allow or Deny effect when an action is requested on the resource.
Principal: This lists the AWS user, account, service, or role to which the set of permissions is being provided.

Sample bucket policy

To understand bucket policy better, have a look at the sample bucket policy below. It provides an AWS user permission to perform the s3:GetObject, s3:PutObject, and s3:ListBucket actions on an S3 bucket:

Get hands-on with 1200+ tech skills courses.

Introduction

Get Started with S3

Work with S3

Create an S3 Bucket

Static Web Hosting Using S3

Host a Static Website on S3

Manage and Monitor S3

Manage and Monitor S3

Appendix

Conclusion

Understand Bucket Policies

The components of a bucket policy

Sample bucket policy