Reputation: 443
What are the following default S3 bucket grantees?
Please give a scenario of when you can use it to help me understand.
Any Authenticated AWS user aws.(account alias)
Upvotes: 5
Views: 4271
Reputation: 4031
Authenticated Users group – Represented by http://acs.amazonaws.com/groups/global/AuthenticatedUsers. This group represents all AWS accounts. Access permission to this group allows any AWS account to access the resource. However, all requests must be signed (authenticated).
All Users group – Represented by http://acs.amazonaws.com/groups/global/AllUsers. Access permission to this group allows anyone to access the resource. The requests can be signed (authenticated) or unsigned (anonymous). Unsigned requests omit the Authentication header in the request.
Log Delivery group – Represented by http://acs.amazonaws.com/groups/s3/LogDelivery. WRITE permission on a bucket enables this group to write server access logs (see Server Access Logging) to the bucket.
You would use this to ensure access was not completely anonymous. This way you can still publicly host data, but only authorized individuals who have an AWS account can access it.
This may not sound very useful at first.
But, it can be used to track unique users better than completely anonymous web-requests. You can also use this to develop policies to block users who abuse your object access, which is something very difficult to do with completely anonymous requests.
Upvotes: 6
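A defender's view of the groups described in this answer, as an added example that is not part of the original post: a small audit that reads a bucket ACL and flags grants to the predefined groups. The JSON layout follows `aws s3api get-bucket-acl` output; the sample ACL, the `EXAMPLE-OWNER-ID` placeholder and the severity labels are assumptions of this example.

```python
import json

# Group URIs as quoted in the answer above.
GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers": "AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers": "AuthenticatedUsers",
    "http://acs.amazonaws.com/groups/s3/LogDelivery": "LogDelivery",
}
# Permissions that let the grantee change objects or the ACL.
MODIFYING = {"WRITE", "WRITE_ACP", "FULL_CONTROL"}


def audit_acl(acl):
    """Return (severity, group, permission) for every group grant in an ACL."""
    findings = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") != "Group":
            continue  # CanonicalUser grants name one specific account
        group = GROUPS.get(grantee.get("URI"), "UnknownGroup")
        perm = grant.get("Permission", "")
        # Severity labels are this example's policy (an assumption).
        if group == "LogDelivery" and perm in {"WRITE", "READ_ACP"}:
            severity = "info"      # expected on a server access log target bucket
        elif perm in MODIFYING:
            severity = "critical"  # outsiders can change objects or the ACL
        else:
            severity = "high"      # readable by anyone, or by any AWS account
        findings.append((severity, group, perm))
    return findings


# Constructed sample, shaped like `aws s3api get-bucket-acl` output.
SAMPLE_ACL = json.loads("""
{"Owner": {"ID": "EXAMPLE-OWNER-ID"},
 "Grants": [
  {"Grantee": {"Type": "CanonicalUser", "ID": "EXAMPLE-OWNER-ID"}, "Permission": "FULL_CONTROL"},
  {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"}, "Permission": "READ"},
  {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"}, "Permission": "WRITE_ACP"},
  {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/s3/LogDelivery"}, "Permission": "WRITE"}
 ]}
""")

if __name__ == "__main__":
    for severity, group, perm in audit_acl(SAMPLE_ACL):
        print(f"{severity:8} {group:18} {perm}")
```

The AuthenticatedUsers grant is rated the same as a public one because, as the answer quotes, that group covers all AWS accounts, not only the bucket owner's.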