S3 5

Question 1

Access Points

What are S3 access points?

Answer 1

Separate DNS for S3 bucket

Question 2

Access Points

Why use access points?

Answer 2

Can have the DNS apply only to subset of objects, use a separate Policy.

Question 3

Access Points

What’s the typical use case for this?

Answer 3

Single bucket used by many teams, all with different prefixes.

Question 4

Access Points

What’s the security value prop of using Access Points?

Answer 4

No single, complicated bucket policy: each Access Point has simpler, focused policy.

Question 5

Access Points

What is the AWS CLI command to create S3 access points (important!)?

important

Answer 5

aws s3control create-access-point

Question 6

Access Points

Access Point policy is functionally equivalent to what?

Answer 6

Bucket Policy (can do all the same things)

Question 7

Access Points

What’s the big security hole with Access Points?

Answer 7

Can just skip it and talk to S3 directly.

Question 8

Access Points

If there’s a security hole, why use Access Points?

Answer 8

Access Points are about splitting up huge bucket policies, not security

Question 9

Access Points

Access Point allows PutObject, Bucket policy doesn’t. What happens?

Answer 9

Not granted. Access Points “fit into” the bucket policy

Question 10

Access Points

If bucket policy needs perms, why bother with Access Points?

Answer 10

Leave bucket policy wide open (or at lest much wider) than Access Points, but don’t allow direct access.

Question 11

Access Points

Can you use S3 Access Points with VPC Endpoints?

Answer 11

Yes

Question 12

Access Points

Access Point + VPC Endpoint secure?

Answer 12

Can be: Access Point condition requiring access from VPC Endpoint