Reputation: 93
Firstly, what is the difference between these two ACL options: private/bucket-owner-full-control? From the documentation, one is FULL_CONTROL for 'owner', the other is FULL_CONTROL for 'both the object owner and the bucket owner'. Then I thought that 'private' is only for the object owner, not even for the bucket owner, hence the bucket owner can't access the object. It is not true...
Secondly, is there a way to stop browsing data from S3 console at all? Thanks.
Upvotes: 0
Views: 754
Reputation: 6099
An object is an item in a bucket.
An access policy allows more permissions than an ACL does; you use ACLs primarily to grant basic read/write permissions, similar to file system permissions.
For full control, the canned ACL is bucket-owner-full-control:
Both the object owner and the bucket owner get FULL_CONTROL over the object. If you specify this canned ACL when creating a bucket, Amazon S3 ignores it.
The private canned ACL applies to bucket and object:
Owner gets FULL_CONTROL. No one else has access rights (default).
To answer the second question: the only way to stop browsing data from the console is by logging in as an IAM user who does not have permission to S3. If you are logged in as the root user (NOT RECOMMENDED), you will see all the AWS resources in the console.
Hope this helps and for reference read this.
Upvotes: 2
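Added example (not part of either post above): a small Python model of how the two canned ACLs quoted in the answer expand into grants, for an upload by the bucket owner and for an upload by a different account. It assumes ACLs are in effect on the bucket, evaluates ACL grants only (no IAM or bucket policy), and uses constructed canonical IDs and hypothetical function names.

```python
# Added example: models how S3 expands two canned ACLs into object grants.
# Canonical IDs are constructed placeholders, not real accounts.
BUCKET_OWNER = "canonical-id-bucket-owner"    # constructed
OTHER_ACCOUNT = "canonical-id-other-account"  # constructed


def expand_canned_acl(canned_acl, object_owner, bucket_owner):
    """Return an ACL dict shaped like a GetObjectAcl response."""
    if canned_acl == "private":
        grantees = [object_owner]
    elif canned_acl == "bucket-owner-full-control":
        # dict.fromkeys de-duplicates when the uploader is the bucket owner
        grantees = list(dict.fromkeys([object_owner, bucket_owner]))
    else:
        raise ValueError(f"canned ACL not modelled here: {canned_acl}")
    return {
        "Owner": {"ID": object_owner},
        "Grants": [
            {"Grantee": {"Type": "CanonicalUser", "ID": g},
             "Permission": "FULL_CONTROL"}
            for g in grantees
        ],
    }


def acl_permissions(acl, canonical_id):
    """Permissions the ACL alone grants to one canonical user."""
    return sorted(
        g["Permission"] for g in acl["Grants"]
        if g["Grantee"].get("ID") == canonical_id
    )


def scenarios():
    """Bucket owner's ACL grants for each uploader / canned ACL pair."""
    out = {}
    for uploader in (BUCKET_OWNER, OTHER_ACCOUNT):
        for canned in ("private", "bucket-owner-full-control"):
            acl = expand_canned_acl(canned, uploader, BUCKET_OWNER)
            out[(uploader, canned)] = acl_permissions(acl, BUCKET_OWNER)
    return out


if __name__ == "__main__":
    for (uploader, canned), perms in scenarios().items():
        print(f"uploader={uploader:28} acl={canned:27} "
              f"bucket owner: {perms or 'no grant'}")
```

When the bucket owner uploads the object, it is also the object owner, so `private` still leaves it with FULL_CONTROL; the two canned ACLs only differ for objects written by another account.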