Certified Security - Specialty


IAM user as grantee for S3 bucket or object ACLs?

@4:40 you say, "yes, you can apply object ACL to individual IAM users but you cannot do it through the console, you have to do it through the CLI or API"

On the AWS S3 ACL Overview page (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html) it states: "When using ACLs, a grantee can be an AWS account or one of the predefined Amazon S3 groups. However, the grantee cannot be an IAM user."


Stefanos Demerliotis

You are right. Also you can grant permissions only to other AWS accounts; you cannot grant permissions to users in your account. This was also wrong in the video.

Stacy Tucker

Thank you for helping to clarify this.


Well spotted!


I think it is about terminology: AWS account (known as AWS root account); an AWS user is actually an AWS IAM user that is related to (derived from) an AWS root account.

Barry Sheward

Am I the only one who wishes AWS would retire ACLs and stick to bucket policies?

Ashish Bharti

Policy cumulative limitations on the number of characters are an issue. And therefore I, for one, thought ACLs should be extended to support IAM users. Up to 99/100 users can be added; why would I add 100 accounts (IAM users, yes)?

1 Answer

Can we get this updated in the course?
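The grantee rule quoted from the AWS documentation in this thread, shown as an added example that is not part of the original thread or the course: it routes a requested grant to an ACL grantee or, for an IAM user ARN, to a bucket policy statement, and summarises the grantees in a `get-bucket-acl` style response. `plan_grant` and `classify_acl` are hypothetical helper names, and the bucket name, ARN and canonical IDs are constructed.

```python
import re

# The predefined Amazon S3 groups an ACL may name, by URI.
PREDEFINED_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
    "http://acs.amazonaws.com/groups/s3/LogDelivery",
}
IAM_USER_ARN = re.compile(r"arn:aws:iam::\d{12}:user/[\w+=,.@/-]+")
CANONICAL_ID = re.compile(r"[0-9a-f]{64}")  # an account's canonical user ID

def plan_grant(bucket, grantee, actions=("s3:GetObject",)):
    """Hypothetical helper: pick the mechanism able to express this grant."""
    if IAM_USER_ARN.fullmatch(grantee):
        # An ACL cannot name an IAM user; use a bucket policy statement.
        return "policy", {
            "Effect": "Allow",
            "Principal": {"AWS": grantee},
            "Action": list(actions),
            "Resource": f"arn:aws:s3:::{bucket}/*",
        }
    if grantee in PREDEFINED_GROUPS:
        return "acl", {"Type": "Group", "URI": grantee}
    if CANONICAL_ID.fullmatch(grantee):
        return "acl", {"Type": "CanonicalUser", "ID": grantee}
    raise ValueError(f"not a valid ACL grantee or IAM user ARN: {grantee!r}")

def classify_acl(acl):
    """Summarise the grants in a get-bucket-acl style response."""
    owner = acl["Owner"]["ID"]
    rows = []
    for grant in acl["Grants"]:
        g, perm = grant["Grantee"], grant["Permission"]
        if g["Type"] == "Group":
            rows.append(("predefined-group", g["URI"], perm))
        elif g["Type"] == "CanonicalUser":
            kind = "owner-account" if g["ID"] == owner else "other-account"
            rows.append((kind, g["ID"], perm))
        else:  # AmazonCustomerByEmail, which also resolves to an account
            rows.append(("account-by-email", g.get("EmailAddress", ""), perm))
    return rows

# Constructed sample data (not real account IDs).
OWNER, OTHER = "a" * 64, "b" * 64
LOG_GROUP = "http://acs.amazonaws.com/groups/s3/LogDelivery"
SAMPLE_ACL = {"Owner": {"ID": OWNER}, "Grants": [
    {"Grantee": {"Type": "CanonicalUser", "ID": OWNER}, "Permission": "FULL_CONTROL"},
    {"Grantee": {"Type": "CanonicalUser", "ID": OTHER}, "Permission": "READ"},
    {"Grantee": {"Type": "Group", "URI": LOG_GROUP}, "Permission": "WRITE"},
]}
```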
