dslagle
It should be noted that it is possible to apply rules to individual objects in a bucket policy by specifying the specific object as the resource in the bucket policy as opposed to using /*. Whether this is better or worse than using ACLs, I’m not sure. Does AWS have a recommendation?
1 Answers
Felipe Cavalcanti
This is mentioned in the Cloud Guru S3 Masterclass. Although you can specify individual access controls rules for objects within a Bucket Policy, it becomes hard to manage. Especially if you have thousands of objects in the bucket. You would likely exceed the 20kb limit for the Bucket Policy. Therefore, Bucket ACLs are better suited for access control on individual objects.
According to AWS Docs, "An object ACL is the only way to manage access to objects not owned by the bucket owner." Why don’t you try to see if this info is outdated?