Tuesday, November 29, 2016

Amazon S3 grants permission to four types of users

Amazon S3 grants permission to four types of users, namely:

1. Owner (account holder)
   The person who holds an Amazon S3 account is known as the owner. By default, the owner has full permission: the owner can create, access, and delete objects, and can also view and modify the ACLs of each and every Bucket and its object(s).
2. Amazon S3 Users (added by Amazon.com email address or Canonical ID)
   If the owner wants to share a Bucket with another Amazon S3 user, the owner needs the email address of the invitee. The email address only works if the invitee has registered his/her Amazon S3 account with that address. You can also do this with the Canonical ID instead of the email address.
3. Authenticated Users (sharing globally with all Amazon S3 users)
   Anyone with a valid S3 account is a member of the "Authenticated Users" group. If the owner wants to share a Bucket globally with all Amazon S3 users, he/she can give Authenticated Users read permission to see the objects, and write permission to update existing objects and upload new objects.
4. Non-Authenticated Users (All Users)
   If the owner wants to make a Bucket and its objects public to all internet users, he/she needs to give the appropriate permissions to ALL USERS. Any user who knows the name of the Bucket will then be able to access its objects.
NOTE: We strongly recommend that in most cases you avoid setting the Bucket ACL to "read all" permission. The exceptions are when you use the Bucket for web hosting or with Public Distribution and the S3 Website features.
Did you know?
Permission set for a Bucket does NOT automatically propagate to files stored in that Bucket.

"Read" permission at Bucket level does NOT mean that the authorized user can read all the files in that Bucket. If you have Read permission on a Bucket that you do not own, you are authorized for the "list Bucket" request on that Bucket. This means that if you give "read" permission on a Bucket to everyone, everyone can list the file names, their sizes and their last modified dates for that Bucket. In most cases, giving "read" permission to everyone is not recommended.
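As an added example (not code from the original post), the snippet below classifies the grantees in an S3 ACL into the four kinds described above and spells out what each non-owner grant actually allows at Bucket level versus object level. The ACLs are constructed dicts shaped like the responses of boto3's get_bucket_acl()/get_object_acl(); the owner ID and invitee email are placeholders, so it runs offline.

```python
# Added example, not from the original post: classify the grantees in an S3 ACL into the
# kinds the post describes and spell out what each non-owner grant allows. The ACLs are
# constructed dicts shaped like boto3 get_bucket_acl()/get_object_acl() responses (offline).

ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
AUTH_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"

# Bucket-level READ is only "list bucket"; only object-level READ lets someone download.
MEANING = {
    ("bucket", "READ"): "list object names, sizes and last-modified dates",
    ("bucket", "WRITE"): "upload new objects and overwrite existing ones",
    ("object", "READ"): "download the object",
    ("object", "WRITE_ACP"): "change the object ACL",
}

def grantee_kind(grantee, owner_id):
    """Map one grantee to owner / s3_user / authenticated_users / all_users."""
    if grantee.get("Type") == "Group":  # any other group URI (e.g. LogDelivery) -> other_group
        groups = {ALL_USERS: "all_users", AUTH_USERS: "authenticated_users"}
        return groups.get(grantee.get("URI"), "other_group")
    if grantee.get("Type") == "CanonicalUser" and grantee.get("ID") == owner_id:
        return "owner"
    return "s3_user"  # another canonical ID, or an AmazonCustomerByEmail grant

def audit_acl(acl, level):
    """Return (kind, permission, meaning) for every grant that goes beyond the owner."""
    owner_id = acl["Owner"]["ID"]
    findings = []
    for grant in acl["Grants"]:
        kind = grantee_kind(grant["Grantee"], owner_id)
        if kind != "owner":
            perm = grant["Permission"]
            findings.append((kind, perm, MEANING.get((level, perm), perm)))
    return findings

# Constructed sample: a bucket listable by everyone and writable by one invited user, and an
# object inside it whose ACL is still owner-only, since bucket ACLs do not propagate.
OWNER = {"Type": "CanonicalUser", "ID": "OWNER-CANONICAL-ID-PLACEHOLDER"}
BUCKET_ACL = {
    "Owner": {"ID": OWNER["ID"]},
    "Grants": [
        {"Grantee": OWNER, "Permission": "FULL_CONTROL"},
        {"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "READ"},
        {"Grantee": {"Type": "AmazonCustomerByEmail", "EmailAddress": "invitee@example.com"},
         "Permission": "WRITE"},
    ],
}
OBJECT_ACL = {"Owner": {"ID": OWNER["ID"]},
              "Grants": [{"Grantee": OWNER, "Permission": "FULL_CONTROL"}]}
```

Running audit_acl on a real response is the quick check for whether a Bucket has been shared with AllUsers or Authenticated Users, and the empty result for OBJECT_ACL shows that the Bucket's grants say nothing about who can download the object.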

Resource Link:
http://www.bucketexplorer.com/documentation/amazon-s3--access-control-list-acl-overview.html
