S3 Security: Policies and ACLs

AWS Cloud Practitioner to Architect: 0 to Hero

Securing Your S3 Buckets

By default, all S3 buckets are private. You can manage access through:

1. User-Based Security:

IAM Policies (Which users can access).

2. Resource-Based Security:

Bucket Policies: JSON based rules for the whole bucket (Best for public access or cross-account).
Object ACLs: Finer grain (mostly deprecated in favor of policies).

Encryption:

SSE-S3: Managed by AWS.
SSE-KMS: User manages keys.
SSE-C: User provides their own keys.