All Buckets and objects are private by default. Only the resource owner, an AWS account that created it, can access the resource.
Access to S3 bucket and/or objects can be controlled via
<ol>
<li>IAM Policies</li>
<li>Bucket Polices</li>
<li>Access Control Lists</li>
</ol>
<img src="https://cdn.hashnode.com/res/hashnode/image/upload/v1655055714490/9ykVabn6S.png" alt="image.png" />
IAM Policies, Bucket Polices, &amp; ACL
<img src="https://cdn.hashnode.com/res/hashnode/image/upload/v1655055754227/1hPu8pZYw.png" alt="image.png" />
IAM Policies Vs. Bucket Polices IAM Policies are attached to IAM Entities such as User, Groups and Roles and they define What is allowed or denied ?
Bucket Polices are attached to S3 Buckets and define Who is allowed or denied
<img src="https://cdn.hashnode.com/res/hashnode/image/upload/v1655055829919/OU8Wm7etD.png" alt="image.png" />
AWS S3 Block Public Access
Block Public Access is applicable to only Public/Anonymous access
Block public access settings can override ACLs and bucket policies public access
You can apply block public access settings to individual buckets or to all buckets in your account
<img src="https://cdn.hashnode.com/res/hashnode/image/upload/v1655055905130/nir31Hj8S.png" alt="image.png" />
When to use What ?
<img src="https://cdn.hashnode.com/res/hashnode/image/upload/v1655055925424/l1IN9x7Qm.png" alt="image.png" />
AWS References: <a href="https://aws.amazon.com/s3/security/" class="autolinkedURL autolinkedURL-url" target="_blank">aws.amazon.com/s3/security</a> <a href="https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html" class="autolinkedURL autolinkedURL-url" target="_blank">docs.aws.amazon.com/AmazonS3/latest/usergui..</a> <a href="https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-iam-policies.html" class="autolinkedURL autolinkedURL-url" target="_blank">docs.aws.amazon.com/AmazonS3/latest/usergui..</a> <a href="https://docs.aws.amazon.com/AmazonS3/latest/userguide/acls.html" class="autolinkedURL autolinkedURL-url" target="_blank">docs.aws.amazon.com/AmazonS3/latest/usergui..</a> <a href="https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html" class="autolinkedURL autolinkedURL-url" target="_blank">docs.aws.amazon.com/AmazonS3/latest/usergui..</a> 
For More such simple notes on AWS, 
Follow me on LinkedIn: <a href="https://www.linkedin.com/in/venkatesh111/" class="autolinkedURL autolinkedURL-url" target="_blank">linkedin.com/in/venkatesh111</a> Twitter: <a href="https://twitter.com/venkatesh111" class="autolinkedURL autolinkedURL-url" target="_blank">twitter.com/venkatesh111</a> GitHub: <a href="https://venkateshk111.github.io/" class="autolinkedURL autolinkedURL-url" target="_blank">venkateshk111.github.io</a>

All Buckets and objects are private by default. Only the resource owner, an AWS account that created it, can access the resource.

Access to S3 bucket and/or objects can be controlled via

1. IAM Policies
2. Bucket Polices
3. Access Control Lists


![image.png](https://cdn.hashnode.com/res/hashnode/image/upload/v1655055714490/9ykVabn6S.png align="left")

**IAM Policies, Bucket Polices, & ACL**
![image.png](https://cdn.hashnode.com/res/hashnode/image/upload/v1655055754227/1hPu8pZYw.png align="left")

**IAM Policies Vs. Bucket Polices**  
IAM Policies are **attached to IAM Entities** such as User, Groups and Roles and they define **What ** is allowed or denied ?

Bucket Polices are **attached to S3 Buckets** and define **Who** is allowed or denied

![image.png](https://cdn.hashnode.com/res/hashnode/image/upload/v1655055829919/OU8Wm7etD.png align="left")

AWS S3 **Block Public Access**
Block Public Access is applicable to only Public/Anonymous access
Block public access settings **can override ACLs and bucket policies** public access
You can apply block public access settings to **individual buckets** or to **all buckets** in your account

![image.png](https://cdn.hashnode.com/res/hashnode/image/upload/v1655055905130/nir31Hj8S.png align="left")

**When to use What ?**

![image.png](https://cdn.hashnode.com/res/hashnode/image/upload/v1655055925424/l1IN9x7Qm.png align="left")

AWS References:  
https://aws.amazon.com/s3/security/  
https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html  
https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-iam-policies.html  
https://docs.aws.amazon.com/AmazonS3/latest/userguide/acls.html  
https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html  

For More such simple notes on AWS, 
Follow me on  
LinkedIn: https://www.linkedin.com/in/venkatesh111/  
Twitter: https://twitter.com/venkatesh111  
GitHub: https://venkateshk111.github.io/  




AWS S3 Security

IAM Policies, Bucket Polices, & ACLs

Engineer | Cloud | DevOps | Automation | Trainer


Venkatesh's blog

Venkatesh's blog

AWS S3 Security

IAM Policies, Bucket Polices, & ACLs

Table of contents

No headings in the article.