Understand Bucket Policies

To provide access to a bucket and its objects, we create a resource-based policy which, in this case, is a bucket policy attached to a particular S3 bucket resource. The access can be provided to an AWS user, account, role, or service.

The components of a bucket policy

An S3 bucket policy can be created in JSON. Its main components are as follows:

  • Resources: These are the AWS S3 resources to which we provide access permissions.
  • Actions: We can provide permission to perform any particular action on an S3 bucket, such as s3:GetObject.
  • Effect: We can apply either the Allow or Deny effect when an action is requested on the resource.
  • Principal: This lists the AWS user, account, service, or role to which the set of permissions is being provided.

Sample bucket policy

To understand bucket policies better, have a look at the sample bucket policy below. It gives an AWS user permission to perform the s3:GetObject, s3:PutObject, and s3:ListBucket actions on an S3 bucket:
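The following is an added example, not the original page's sample: a policy granting the three actions described above, with s3:ListBucket scoped to the bucket ARN and the two object actions scoped to the objects in it, plus a small review function that checks each statement for the four components and for a mismatch between action and resource. The account ID, user name, bucket name, Sid values and the `review_policy` helper are assumptions made for illustration.

```python
import json

# Constructed sample policy. The account ID, user name and bucket name are
# placeholders (assumptions), not values from the original page.
POLICY_JSON = """
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ListExampleBucket",
      "Effect": "Allow",
      "Principal": {"AWS": "arn:aws:iam::111122223333:user/example-user"},
      "Action": "s3:ListBucket",
      "Resource": "arn:aws:s3:::amzn-s3-demo-bucket"
    },
    {
      "Sid": "ReadWriteExampleObjects",
      "Effect": "Allow",
      "Principal": {"AWS": "arn:aws:iam::111122223333:user/example-user"},
      "Action": ["s3:GetObject", "s3:PutObject"],
      "Resource": "arn:aws:s3:::amzn-s3-demo-bucket/*"
    }
  ]
}
"""

REQUIRED = ("Effect", "Principal", "Action", "Resource")
BUCKET_LEVEL = {"s3:ListBucket"}                 # needs the bucket ARN (no "/")
OBJECT_LEVEL = {"s3:GetObject", "s3:PutObject"}  # needs an object ARN (bucket/key)

def as_list(value):
    return value if isinstance(value, list) else [value]

def review_policy(policy):
    """Hypothetical helper: return findings; an empty list means none."""
    findings = []
    for stmt in as_list(policy.get("Statement", [])):
        sid = stmt.get("Sid", "<no Sid>")
        findings += [f"{sid}: missing {key}" for key in REQUIRED if key not in stmt]
        if stmt.get("Effect") == "Allow" and stmt.get("Principal") in ("*", {"AWS": "*"}):
            findings.append(f"{sid}: Allow applies to any principal")
        actions = set(as_list(stmt.get("Action", [])))
        resources = as_list(stmt.get("Resource", []))
        if actions & OBJECT_LEVEL and not any("/" in r for r in resources):
            findings.append(f"{sid}: object action without an object ARN")
        if actions & BUCKET_LEVEL and not any("/" not in r for r in resources):
            findings.append(f"{sid}: bucket action without a bucket ARN")
    return findings
print(review_policy(json.loads(POLICY_JSON)))  # run the review on the sample
```

The same function can be pointed at any policy document loaded with `json.loads` before it is attached to a bucket.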
