Pre-defined Groups with S3

Explore all pre-defined groups with S3.

Pre-defined Groups

Authenticated Users group:

  • This group represents all AWS accounts.
  • Access permission to this group allows any AWS account access to the resource.
  • All requests must be signed (authenticated).
  • Any authenticated user can access the resource.

All Users group:

  • Access permission to this group allows anyone in the world access to the resource.
  • The requests can be signed (authenticated) or unsigned (anonymous).
  • Unsigned requests omit the authentication header in the request.
  • AWS recommends that you never grant the All Users group WRITE, WRITE_ACP, or FULL_CONTROL permissions.

Log Delivery group:

  • Providing WRITE permission to this group on a bucket enables S3 to write server access logs.
  • This group is not applicable to objects.

ACL permissions

  • The set of ACL permissions is the same for an object ACL and a bucket ACL.
  • Depending on the context (bucket ACL or object ACL), these ACL permissions grant permissions for specific buckets or object operations.

The following table lists the permissions that Amazon S3 supports in an ACL and describes what each means in the context of objects and buckets:

Level up your interview prep. Join Educative to access 70+ hands-on prep courses.