Cross-Account Access to S3 Buckets and Objects

Length: 00:17:53

Lesson Summary:

Securing S3 buckets for access via a single account can often be challenging enough. In this lesson we'll step through how to provide access to buckets and objects using Cross-Account policies and roles. We review the pros and cons of each, and discuss appropriate usage.

https://docs.aws.amazon.com/AmazonS3/latest/dev/example-bucket-policies.html#example-bucket-policies-use-case-8

https://aws.amazon.com/premiumsupport/knowledge-center/s3-bucket-owner-access/

https://aws.amazon.com/blogs/security/iam-policies-and-bucket-policies-and-acls-oh-my-controlling-access-to-s3-resources/

{
  "Statement":[
    {
      "Effect":"Allow",
      "Principal":{"AWS":"311407276115"},
      "Action":"s3:PutObject",
      "Resource":["arn:aws:s3:::la-permissionsdemo/*"]
    },
    {
      "Effect":"Deny",
      "Principal":{"AWS":"311407276115"},
      "Action":"s3:PutObject",
      "Resource":"arn:aws:s3:::la-permissionsdemo/*",
      "Condition": {
        "StringNotEquals": {"s3:x-amz-acl":"bucket-owner-full-control"}
      }
    }
  ]
}

This lesson is only available to Linux Academy members.

Sign Up To View This Lesson
Or Log In

Looking For Team Training?

Learn More

© Linux Academy. All rights reserved.

Pinehead® and the Linux Academy logo® is the registered trademark of Linux Academy in the U.S. and other countries.

Linux® is the registered trademark of Linus Torvalds in the U.S. and other countries.