CloudGuild · Blog · Cheat sheets · Lessons · Certifications
S3 Security and Bucket Policies
Control access to S3 with bucket policies, IAM, Block Public Access, and encryption.
S3 access is deny-by-default. Grant access with IAM policies (identity-based) or bucket policies (resource-based).
- Block Public Access overrides permissive ACLs and policies.
- Use SSE-KMS for audited, key-managed encryption at rest.
- Enforce TLS with a bucket policy condition on
aws:SecureTransport.