Learn how to manage access to Simple Storage Service (S3) through the use of S3 Bucket Policies. Learn about how bucket policies are controls which apply to an individual S3 bucket. Learn about the power of S3 buckets, as they allow delegation of access to S3 without relinquishing control of the bucket itself. Via the Web Console, read through a bucket policy and gain an understanding of how it was configured to allow different levels access to IAM users from different AWS accounts
- [Tutor] S3 bucket policies are security controls…applied at the bucket level.…Let's explore some defining features…and ways in which you can use them.…S3 bucket policies are useful…in that they specify security controls…at the individual bucket level.…In addition, they are useful if you use many S3 buckets,…each of which has its own security requirements.…Most notably, bucket policies are an ideal mechanism…to grant access to a specific bucket…across AWS accounts.…
Perhaps the defining feature of this control mechanism…is that bucket policies allow you to delegate access…without sacrificing control.…The permissions specified in the bucket policy…take precedence.…Consider the following use case.…A company chooses to separate its development…and production systems by implementing…separate AWS accounts.…For its production systems,…the company stores configuration files…in an S3 bucket in its production AWS account.…Olivia is an engineer with an IAM user…in the production AWS account.…
According to her role,…she needs to be able to access…
Sharif Nijim couples pragmatic advice with practical examples that educate IT pros on how to create a secure infrastructure within Amazon Web Services. Sharif explores the shared responsibility model of security, which splits duties between your company and AWS, and introduces key identity and access management concepts, including users, groups, roles, and policies. Learn how to configure Identity and Access Manager (IAM) and Simple Storage Service (S3) access management, including policies and access control lists. At the end of the course, Sharif helps you prepare for the inevitable audit of your AWS account(s).
This course is also part of a series designed to help you prepare for the AWS Certified SysOps Administrator – Associate certification exam.
- Summarize the AWS Shared Responsibility Model.
- Recall how to implement separation of duties.
- Differentiate between assigning permissions to an individual versus a group.
- Summarize how to create IAM roles.
- Describe how to secure financial access.
- Recall the steps for managing access to S3 with IAM.
- Cite the advantages of a pre-signed URL.