Learn how to manage access to individual Simple Storage Service (S3) objects through the use of S3 Access Control Lists (ACLs). ACLs apply to an individual object, and are a legacy security control that pre-dates the existence of Identity and Access Management (IAM). Using the Web Console, you will understand where to configure the ACL for a given bucket, and gain an appreciation of why you need to be careful with them.
- [Voiceover] S3 access control lists, or ACLs, are another tool that exists for controlling access to objects stored in S3. Let's understand what they are and see how they work. The first thing to understand about ACLs is that they apply to every object you put into S3. With literally trillions of objects stored in S3, that's potentially a lot of ACLs. Imagine the chaos if each object had unique ACLs. Maintenance would be an administrative nightmare.
The next thing to understand is that with S3 being one of the oldest services in AWS, S3 ACLs came into being long before IAM existed as a service. Let's explore S3 ACLs to give you an appreciation why you need to be careful if you decide to use them. Here we are logged into the web console looking at the S3 landing page. Let's take a peek at the SBN S3 ACL example bucket. Right clicking on the bucket and choosing properties shows me the properties affiliated with this bucket.
If I click on permissions, I can see that it says add bucket policy. This means there is no bucket policy in place.
Sharif Nijim couples pragmatic advice with practical examples that educate IT pros on how to create a secure infrastructure within Amazon Web Services. Sharif explores the shared responsibility model of security, which splits duties between your company and AWS, and introduces key identity and access management concepts, including users, groups, roles, and policies. Learn how to configure Identity and Access Manager (IAM) and Simple Storage Service (S3) access management, including policies and access control lists. At the end of the course, Sharif helps you prepare for the inevitable audit of your AWS account(s).
This course is also part of a series designed to help you prepare for the AWS Certified SysOps Administrator – Associate certification exam.
- Summarize the AWS Shared Responsibility Model.
- Recall how to implement separation of duties.
- Differentiate between assigning permissions to an individual versus a group.
- Summarize how to create IAM roles.
- Describe how to secure financial access.
- Recall the steps for managing access to S3 with IAM.
- Cite the advantages of a pre-signed URL.