
Amazon S3 Bucket Policies Allow Increased Control and Security

One of the lingering problems with adoption of cloud computing has been the issue of facilitating access – both for the end-user and for the IT professional.

In a move that addresses these concerns, Amazon Web Services announced yesterday that it had added support for Bucket Policies. These policies will provide a single mechanism for managing access to Amazon S3 buckets and to the objects stored in them. The policies are expressed using Amazon’s Access Policy Language, which will centralize and refine permissions management.

The Old Controls

Prior to the announcement, there were two access control mechanisms for Amazon S3: query string authentication and the Access Control List. The former creates a URL that will grant temporary access to a bucket. The latter provides for selective access, with certain permissions – read, write, read ACL, write ACL – designated for certain people. One of the drawbacks to either of these methods was that new objects added to a bucket required their access controls be set individually.

The New Controls

So while these ACLs grant permission on an object-by-object basis, the new bucket policies allow a much more granular level of control. Permissions can be added or denied across all or a subset of the objects within a single bucket. The policies can include references to IP addresses and ranges, dates, the HTTP referrer, and transports (http and https).

As AWS notes in their explanation of the new bucket policies, this lets you, for example, allow write access to a particular S3 bucket only from your corporate network during business hours from your custom application (as identified by a user agent string).
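To make the AWS example concrete, here is an added illustration (not from AWS or the original article) of a policy document combining the three restrictions, with a small local check showing that every condition must hold. The bucket name, account ID, address range, time window, agent string and the `conditions_match` helper are all assumptions made for the example.

```python
import ipaddress
import json
from datetime import datetime, timezone

# Constructed values: bucket name, account id, CIDR (documentation range),
# time window and agent string are placeholders, not taken from the article.
POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "WriteFromCorpNetInWindow",
        "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
        "Action": "s3:PutObject",
        "Resource": "arn:aws:s3:::example-bucket/*",
        "Condition": {
            "IpAddress": {"aws:SourceIp": "192.0.2.0/24"},
            # Date conditions are absolute timestamps: one fixed window,
            # not a recurring daily schedule.
            "DateGreaterThan": {"aws:CurrentTime": "2010-07-07T09:00:00Z"},
            "DateLessThan": {"aws:CurrentTime": "2010-07-07T17:00:00Z"},
            # The user agent is a client-supplied header; treat it as a
            # filter for well-behaved clients, not as authentication.
            "StringEquals": {"aws:UserAgent": "ExampleUploader/1.0"},
        },
    }],
}

def _ts(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

# Simplified local model of four condition operators (assumption: one value per key).
OPS = {
    "IpAddress": lambda want, got: ipaddress.ip_address(got) in ipaddress.ip_network(want),
    "DateGreaterThan": lambda want, got: _ts(got) > _ts(want),
    "DateLessThan": lambda want, got: _ts(got) < _ts(want),
    "StringEquals": lambda want, got: got == want,
}

def conditions_match(statement, context):
    """All operator/key pairs must match; a missing context key fails the match."""
    for op, pairs in statement["Condition"].items():
        for key, want in pairs.items():
            if key not in context or not OPS[op](want, context[key]):
                return False
    return True

if __name__ == "__main__":
    print(json.dumps(POLICY, indent=2))  # the document you would attach to the bucket
```
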

These new bucket policies are designed to facilitate the way in which information is stored and accessed in the cloud, adding to IT’s security and management toolkit.
