In this video, you will learn how to manage access to Simple Storage Service (S3) through the use of S3 bucket policies. You will understand that bucket policies are controls that apply to an individual S3 bucket. You will appreciate the power of S3 bucket policies, as they allow delegation of access to S3 without relinquishing control of the bucket itself. Via the Web Console, we will read through a bucket policy and gain an understanding of how it was configured to allow different levels of access to IAM users from different AWS accounts.
- [Voiceover] S3 bucket policies are security controls applied at the bucket level. Let's explore some defining features and ways in which you can use them. S3 bucket policies are useful in that they specify security controls at the individual bucket level. In addition, they are useful if you use many S3 buckets, each of which has its own security requirements. Most notably, bucket policies are an ideal mechanism to grant access to a specific bucket across AWS accounts.
Perhaps the defining feature of this control mechanism is that bucket policies allow you to delegate access without sacrificing control. The permissions specified in the bucket policy take precedence. Consider the following use case. A company chooses to separate its development and production systems by implementing separate AWS accounts. For its production systems, the company stores configuration files in an S3 bucket in its production AWS account. Olivia is an engineer with an IAM user in the production AWS account.
According to her role, she needs to be able to access…
Sharif Nijim couples pragmatic advice with practical examples that educate organizations on how to create a secure infrastructure within Amazon Web Services. Sharif explores the shared responsibility model of security, which splits duties between your company and AWS, and introduces key identity and access management concepts: users, groups, roles, and policies. At the end of the course, he helps you prepare for the inevitable audit of your AWS account(s).
This course includes trademarks owned by Amazon Web Services. This course has not been prepared, approved, or endorsed by Amazon Web Services.
- The AWS shared responsibility model and security landscape
- Enabling CloudTrail
- Configuring AWS Identity and Access Management (IAM)
- Troubleshooting IAM policies
- Granting temporary access
- Incorporating least privilege
- Controlling access to Simple Storage Service (S3)
- Preparing for security audits
- Getting audit help from Trusted Advisor