
Amazon S3 Bucket Policies - Introduction

Bucket policies give customers the ability to create conditional rules for managing access to their Buckets and Objects. With the existing Amazon S3 ACLs, you can grant access to another account or to specific Amazon S3 groups. With Bucket policies, you can author policies that either grant or deny access to any number of accounts and across a range or set of keys. A Bucket policy can restrict access based on the AWS account as well as on request-based attributes. It can also define security rules that apply to Objects within a Bucket.

Only the Owner can write a policy for the Bucket. A Bucket Policy can be written to allow as well as deny Bucket-level permissions. The Owner can also write a policy to deny permissions on Objects in the Bucket. The policy is applied only to Objects whose Owner is the same as the Bucket Owner. A Bucket Policy is written in JSON format.

When should you use Bucket Policy vs. ACL?

  • If you want to apply permission on a wide range of data, Bucket Policy is a better option.
  • If you want to apply two different permissions for different kinds of access, you can use a Bucket Policy.
  • A Bucket Policy applies permissions automatically to newly uploaded Objects in the Bucket if they match the policy's conditions. With an ACL, the Owner has to grant permission explicitly for every newly uploaded Object.
  • Because a Bucket Policy is limited to 20 KB in size, you can use ACLs to grant access permissions as your requirements dictate.
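
The following added example, which is not part of the original page or of Bucket Explorer's code, builds a policy in the JSON format described above that grants by AWS account over a key prefix and denies by a request attribute, then checks it before a PUT Bucket policy request. The bucket name, account ID, prefix and function names are assumptions, and the 20 KB limit is taken as 20 × 1024 bytes.

```python
import json

# Size limit stated on this page ("20Kb"); taken here as 20 * 1024 bytes (assumption).
MAX_POLICY_BYTES = 20 * 1024


def build_policy(bucket, partner_account_id, prefix):
    """Allow one AWS account to read keys under a prefix; deny non-TLS requests."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {   # Grant by AWS account, scoped to a range of keys.
                "Sid": "PartnerRead",
                "Effect": "Allow",
                "Principal": {"AWS": f"arn:aws:iam::{partner_account_id}:root"},
                "Action": "s3:GetObject",
                "Resource": f"arn:aws:s3:::{bucket}/{prefix}*",
            },
            {   # Deny by request attribute: any request not sent over TLS.
                "Sid": "DenyPlainHttp",
                "Effect": "Deny",
                "Principal": "*",
                "Action": "s3:*",
                "Resource": [f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"],
                "Condition": {"Bool": {"aws:SecureTransport": "false"}},
            },
        ],
    }


def check_policy(policy):
    """Return a list of problems to fix before sending PUT Bucket policy."""
    problems = []
    body = json.dumps(policy, separators=(",", ":")).encode("utf-8")
    if len(body) > MAX_POLICY_BYTES:
        problems.append(f"policy is {len(body)} bytes, over {MAX_POLICY_BYTES}")
    for st in policy.get("Statement", []):
        principal = st.get("Principal")
        anyone = principal == "*" or (isinstance(principal, dict) and principal.get("AWS") == "*")
        if st.get("Effect") == "Allow" and anyone and not st.get("Condition"):
            problems.append(f"{st.get('Sid', '?')}: Allow to everyone with no Condition")
    return problems


if __name__ == "__main__":
    policy = build_policy("example-bucket", "111122223333", "reports/")  # constructed values
    print(json.dumps(policy, indent=2))
    print(check_policy(policy) or "no problems found")
```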

How to perform Bucket Policy Operations?

  • Using S3 REST API
    You can perform Bucket policy operations by using Amazon S3 supported REST API in your application code.  
  • Using Bucket Explorer
    You can perform the same Bucket policy operations using Bucket Explorer without the hassle of writing code.

You can perform the following Bucket Policy operations:

When setting a policy, you can retrieve the details of any policy that is already set on the Bucket with a GET request. Check the link to get more details about Get and Set Bucket Policy: GET PUT Bucket policy using Amazon REST API and using Bucket Explorer.

  • Set Bucket Policy: You can set a Bucket policy using a PUT Bucket policy request.
  • Remove Bucket Policy: You can remove the Bucket policy on an Amazon S3 Bucket using a DELETE Bucket policy request. Check the link to get more details about Remove Bucket Policy: DELETE Bucket policy using Amazon REST API as well as using Bucket Explorer.
  • Configure Bucket policy: There are different types of Bucket policies which you can set on the S3 Bucket for various purposes. Check the link to get more details about Configure Bucket Policy.