download free 30 days trial version buy bucket explorer
Documentation  Download  Purchase  Support  FAQs   Forum   ScreenShots & Demos

Amazon S3 - When to Use ACLs vs. Bucket Policies?

As we have mentioned, ACLs grant access permissions to bucket or objects. On the other hand, Bucket policies allow you to write a policy that will either grant or deny access to buckets or objects. Depending on your specific needs, you can choose to use either ACL or Bucket Policy.

There are certain cases where using ACL is the most appropriate permission model.

  • There is a Bucket Policy only and no Object Policy

    In cases when you need to grant a wide variety of permissions on each object in the bucket, you must explicitly grant access permissions on each object.

  • 20 Kilobytes limit of Bucket Policies

    Bucket policy has a 20 kilobytes limit in size. When you need to grant access permissions to a large number of objects and users, you might reach the 20 kilobyte size limit. With that, it is best to use ACLs for additional grants.

Amazon S3 supports ACL and Bucket Policy. You don’t have to change your permission model if you are already using ACLs. There are certain cases when using ACLs provide the most appropriate permission.