User-based security

  • IAM policies Identity-based JSON policies attached to an IAM user, group or role that define which S3 API calls (for example s3:GetObject, s3:PutObject, s3:ListBucket) that identity may make, and on which buckets or prefixes. If an AWS service (such as an EC2 instance or a Lambda function) needs to access S3, attach an IAM role to that service instead of embedding a user's access keys in it.

An IAM principal in the same account can access an S3 object if:

  • the principal's IAM permissions allow it OR the bucket (resource) policy allows it
  • AND there is no explicit deny in either policy (an explicit Deny always wins over any Allow; with no matching Allow at all, the default is deny)

For a principal from a different account, the bucket policy must allow the access AND the principal's own IAM permissions must allow it too.

Resource-based security

  • Bucket policies Bucket-wide JSON rules attached to the bucket from the S3 console or API. They can grant or deny access to principals from other AWS accounts, make a bucket or prefix public, or force conditions such as encryption on upload. This is the most common way to manage S3 access today.
  • IAM Access Analyzer for S3 A monitoring tool that lists which of your buckets are reachable from outside your account (publicly, or by other accounts) and through which bucket policy or ACL, so that unintended exposure can be found and fixed.
  • Object Access Control List (ACL) Finer-grained, per-object permissions. A legacy mechanism that can be disabled (new buckets disable ACLs by default).
  • Bucket Access Control List (ACL) Less common, bucket-level permissions. Also a legacy mechanism that can be disabled.
  • Encryption keys Objects in Amazon S3 can be encrypted at rest using server-side encryption (keys managed by S3 or by AWS KMS, or keys supplied by the client on each request) or encrypted client-side before upload. Encryption complements access control; it does not replace it.
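To make the evaluation rule above concrete (identity Allow OR bucket-policy Allow, AND no explicit Deny), here is an added example that is not code from the course or from AWS: a deliberately simplified same-account policy evaluator in Python. The IAM users "alice" and "bob", the account ID, the bucket name "example-bucket" and both policy documents are constructed for the example. It ignores Condition, NotAction, NotResource, ACLs, permission boundaries and service control policies, and it does not implement the cross-account rule.

```python
import fnmatch
import json

# Constructed sample documents (not from the page). Identity-based policies
# keyed by the principal ARN they are attached to: alice can read and list the
# bucket; bob has no identity permissions at all.
IDENTITY_POLICIES = {
    "arn:aws:iam::111111111111:user/alice": [json.loads("""{
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Action": ["s3:GetObject", "s3:ListBucket"],
            "Resource": ["arn:aws:s3:::example-bucket",
                         "arn:aws:s3:::example-bucket/*"]
        }]
    }""")],
    "arn:aws:iam::111111111111:user/bob": [],
}

# Constructed bucket policy on example-bucket: grants bob read access to the
# public/ prefix and explicitly denies everyone access to the secrets/ prefix.
BUCKET_POLICY = json.loads("""{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "GrantBobRead",
            "Effect": "Allow",
            "Principal": {"AWS": "arn:aws:iam::111111111111:user/bob"},
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::example-bucket/public/*"
        },
        {
            "Sid": "DenySecretsToEveryone",
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:*",
            "Resource": "arn:aws:s3:::example-bucket/secrets/*"
        }
    ]
}""")


def _as_list(value):
    """IAM lets most fields be a string or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _matches(patterns, value):
    """IAM wildcard matching: '*' matches any run of characters, '?' one."""
    return any(fnmatch.fnmatchcase(value, p) for p in _as_list(patterns))


def _principal_matches(statement, principal_arn):
    """Bucket policies name a Principal; identity policies have none."""
    if "Principal" not in statement:
        return True
    principal = statement["Principal"]
    if principal == "*":
        return True
    if isinstance(principal, dict):
        allowed = _as_list(principal.get("AWS"))
        return "*" in allowed or principal_arn in allowed
    return False


def _statement_effects(policies, principal_arn, action, resource):
    """Yield the Effect of every statement matching the request."""
    for policy in policies:
        for stmt in _as_list(policy.get("Statement")):
            if (_principal_matches(stmt, principal_arn)
                    and _matches(stmt.get("Action"), action)
                    and _matches(stmt.get("Resource"), resource)):
                yield stmt["Effect"]


def is_allowed(principal_arn, action, resource,
               identity_policies=IDENTITY_POLICIES, bucket_policy=BUCKET_POLICY):
    """Same-account decision: (identity Allow OR bucket Allow) AND no Deny.
    With no matching statement at all the request is denied by default."""
    identity_effects = list(_statement_effects(
        identity_policies.get(principal_arn, []), principal_arn, action, resource))
    bucket_effects = list(_statement_effects(
        [bucket_policy], principal_arn, action, resource))
    if "Deny" in identity_effects or "Deny" in bucket_effects:
        return False
    return "Allow" in identity_effects or "Allow" in bucket_effects


if __name__ == "__main__":
    alice = "arn:aws:iam::111111111111:user/alice"
    bob = "arn:aws:iam::111111111111:user/bob"
    for who, act, res in [
        (alice, "s3:GetObject", "arn:aws:s3:::example-bucket/public/a.txt"),
        (bob, "s3:GetObject", "arn:aws:s3:::example-bucket/public/a.txt"),
        (bob, "s3:GetObject", "arn:aws:s3:::example-bucket/private/a.txt"),
        (alice, "s3:GetObject", "arn:aws:s3:::example-bucket/secrets/key.pem"),
    ]:
        print(who.rsplit("/", 1)[1], act, res, "->", is_allowed(who, act, res))
```

The four cases in the `main` block walk through the rule: alice is allowed by her identity policy alone, bob only by the bucket policy, bob is denied where nothing allows him, and alice is denied on secrets/ even though her identity policy allows it, because the bucket policy's explicit Deny wins.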

Back to parent node: Amazon S3

Cloud_computing AWS AWS_CLF-C02 AWS_storage Amazon_S3 S3_security

Reference: Udemy Ultimate AWS Certified Cloud Practitioner CLF-C02