Certified Security - Specialty


Bucket policies can apply to individual objects in the bucket

It should be noted that it is possible to apply rules to individual objects in a bucket policy by specifying the specific object as the resource in the bucket policy as opposed to using /*. Whether this is better or worse than using ACLs, I’m not sure. Does AWS have a recommendation?

Steve Rogers

According to AWS Docs, "An object ACL is the only way to manage access to objects not owned by the bucket owner." Why don’t you try to see if this info is outdated?

1 Answer

This is mentioned in the Cloud Guru S3 Masterclass. Although you can specify individual access control rules for objects within a Bucket Policy, it becomes hard to manage, especially if you have thousands of objects in the bucket. You would likely exceed the 20 KB limit for the Bucket Policy. Therefore, Bucket ACLs are better suited for access control on individual objects.
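
Added example, not part of the original thread: a sketch that builds a bucket policy naming individual objects as the `Resource` (instead of `/*`), and measures how many object ARNs fit under the 20 KB limit quoted in the answer, compared with a single prefix wildcard. The bucket name, keys and role ARN are constructed, and counting the compact JSON bytes is an assumption about how the size is measured.

```python
import json

POLICY_LIMIT_BYTES = 20 * 1024  # 20 KB limit quoted in the answer above

def object_policy(bucket, keys, principal_arn):
    """Bucket policy whose Resource names individual objects instead of /*."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "PerObjectRead",
            "Effect": "Allow",
            "Principal": {"AWS": principal_arn},
            "Action": "s3:GetObject",
            "Resource": [f"arn:aws:s3:::{bucket}/{key}" for key in keys],
        }],
    }

def prefix_policy(bucket, prefix, principal_arn):
    """Same grant expressed once for every key under a prefix."""
    policy = object_policy(bucket, [], principal_arn)
    policy["Statement"][0]["Sid"] = "PrefixRead"
    policy["Statement"][0]["Resource"] = f"arn:aws:s3:::{bucket}/{prefix}*"
    return policy

def policy_size(policy):
    """Size in bytes of the compact JSON form (assumed counting method)."""
    return len(json.dumps(policy, separators=(",", ":")).encode("utf-8"))

def max_keys_under_limit(bucket, keys, principal_arn, limit=POLICY_LIMIT_BYTES):
    """How many of the given keys fit before the policy exceeds the limit."""
    fitted = 0
    for count in range(1, len(keys) + 1):
        if policy_size(object_policy(bucket, keys[:count], principal_arn)) > limit:
            break
        fitted = count
    return fitted

# Constructed sample values, not taken from the thread.
BUCKET = "example-bucket"
READER = "arn:aws:iam::111122223333:role/ExampleReader"
KEYS = [f"reports/2024/file-{i:05d}.csv" for i in range(1000)]

if __name__ == "__main__":
    n = max_keys_under_limit(BUCKET, KEYS, READER)
    print(f"per-object policy fits {n} of {len(KEYS)} keys under {POLICY_LIMIT_BYTES} bytes")
    print(f"prefix policy size: {policy_size(prefix_policy(BUCKET, 'reports/2024/', READER))} bytes")
```

Laying objects out under prefixes that match the access boundary keeps the policy size constant no matter how many objects the bucket holds.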
