AWS adds new S3 security and access control features
2020-10-06 10:02

Object Ownership is a permission that can be set when creating a new object within an S3 bucket, to enforce the transfer of new object ownership onto the bucket owner.

"With the proper permissions in place, S3 already allows multiple AWS accounts to upload objects to the same bucket, with each account retaining ownership and control over the objects. This many-to-one upload model can be handy when using a bucket as a data lake or another type of data repository. Internal teams or external partners can all contribute to the creation of large-scale centralized resources," explained Jeff Barr, Chief Evangelist for AWS. But with this setup, the bucket owner doesn't have full control over the objects in the bucket and therefore cannot use bucket policies to share and manage objects.
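
A bucket policy that is commonly paired with Object Ownership, shown here as an added example that is not taken from the article or from AWS's announcement: it denies any upload that does not carry the `bucket-owner-full-control` canned ACL, so that with Object Ownership set to bucket owner preferred every accepted object ends up owned by the bucket owner. `EXAMPLE-BUCKET` is a placeholder bucket name and the `Sid` is an arbitrary label.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "RequireBucketOwnerFullControlOnUpload",
      "Effect": "Deny",
      "Principal": "*",
      "Action": "s3:PutObject",
      "Resource": "arn:aws:s3:::EXAMPLE-BUCKET/*",
      "Condition": {
        "StringNotEquals": {
          "s3:x-amz-acl": "bucket-owner-full-control"
        }
      }
    }
  ]
}
```

Because the statement is a `Deny` on every principal, uploads from the bucket owner's own account must also send the ACL.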

Bucket Owner Condition allows bucket owners to confirm the ownership when they create a new object or perform other S3 operations.

AWS recommends using Bucket Owner Condition whenever users perform a supported S3 operation and know the account ID of the expected bucket owner.

S3 Access Points are "Unique hostnames that customers create to enforce distinct permissions and network controls for any request made through the access point. Customers with shared data sets [...] can easily scale access for hundreds of applications by creating individualized access points with names and permissions customized for each application."


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/cbsiEXD5Flo/