In this video, you will learn how to manage access to individual Simple Storage Service (S3) objects through the use of S3 Access Control Lists (ACLs). You will understand that ACLs apply to an individual object, and are a legacy security control that pre-dates the existence of Identity and Access Management (IAM). Using the Web Console, you will understand where to configure the ACL for a given bucket, and gain an appreciation of why you need to be careful with them.
- [Voiceover] S3 Access Control Lists, or ACLs, are another tool that exists for controlling access to objects stored in S3. Let's understand what they are, and see how they work. The first thing to understand about ACLs is that they apply to every object you put into S3. With literally trillions of objects stored in S3 that's potentially a lot of ACLs. Imagine the chaos if each object had unique ACLs. Maintenance would be an administrative nightmare.
The next thing to understand is that with S3 being one of the oldest services in AWS, S3 ACLs came into being long before IAM existed as a service. Let's explore S3 ACLs to give you an appreciation why you need to be careful if you decide to use them. Here we are logged into the web console looking at the S3 landing page. Let's take a peek at the SBN S3 ACL example bucket. Right-clicking on the bucket and choosing Properties shows me the properties affiliated with this bucket.
If I click on Permissions, I can see that it says "Add bucket policy." This means there is no bucket policy in place.
Sharif Nijim couples pragmatic advice with practical examples that educate organizations on how to create a secure infrastructure within Amazon Web Services. Sharif explores the shared responsibility model of security, which splits duties between your company and AWS, and introduces key identity and access management concepts: users, groups, roles, and policies. At the end of the course, he helps you prepare for the inevitable audit of your AWS account(s).
This course includes trademarks owned by Amazon Web Services. This course has not been prepared, approved, or endorsed by Amazon Web Services.
- The AWS shared responsibility model and security landscape
- Enabling CloudTrail
- Configuring AWS Identity and Access Management (IAM)
- Troubleshooting IAM policies
- Granting temporary access
- Incorporating least privilege
- Controlling access to Simple Storage Service (S3)
- Preparing for security audits
- Getting audit help from Trusted Advisor