Configuring S3 permissions and access controls

It's important to ensure that only authorized users have access to your data. S3 allows you to set fine-grained permissions on individual objects and buckets, so you can control who can access your data and what actions they can perform. By default, all S3 resources (buckets and objects) are private, meaning only the resource owner can access them.

The resource owner can give access to others through resource-based policies (attached to the resource) or user policies (or identity-based policies). Access control lists (ACLs) can also be used to grant basic read and write permissions to other AWS accounts. However, it is generally recommended to use policies rather than ACLs for access control.

Identity-based Policies

Identity-based policies are policies that are attached to an identity (IAM user, group, or role). These policies specify the permissions that the identity has, such as the actions they can perform and the resources they can access. Identity-based policies can be managed (saved and managed in IAM) or inline (included directly in the identity's JSON policy document).

You will learn more about identity-based policies in our IAM section, so this course will focus on resource-based policies.

Resource-based Policies

Resource-based policies are policies that are attached to a resource (or an S3 object in this example) and specify who has access to the resource and what actions they can perform on it. These policies are inline only, meaning that they are defined directly within the resource's configuration and cannot be managed independently from the resource. Resource-based policies can be used to grant permissions to other AWS accounts or IAM users, groups, and roles within your account.

Configuring Bucket Policies

To configure an S3 bucket policy, open the S3 Buckets dashboard, then select the desired bucket (in my case, myfirstbucket129).

![image 1](https://zrftqtvkikjkbtkfalgp.supabase.co/storage/v1/object/public/l…