S3 5 Flashcards
Access Points
What are S3 access points?
Separate DNS for S3 bucket
Access Points
Why use access points?
Can have the DNS apply only to a subset of objects, and use a separate policy.
Access Points
What’s the typical use case for this?
Single bucket used by many teams, all with different prefixes.
Access Points
What’s the security value prop of using Access Points?
No single, complicated bucket policy: each Access Point has a simpler, focused policy.
Access Points
What is the AWS CLI command to create S3 access points (important!)?
aws s3control create-access-point
Access Points
Access Point policy is functionally equivalent to what?
Bucket Policy (can do all the same things)
Access Points
What’s the big security hole with Access Points?
Can just skip it and talk to S3 directly.
Access Points
If there’s a security hole, why use Access Points?
Access Points are about splitting up huge bucket policies, not security.
Access Points
Access Point allows PutObject, Bucket policy doesn’t. What happens?
Not granted. Access Points “fit into” the bucket policy.
Access Points
If bucket policy needs perms, why bother with Access Points?
Leave the bucket policy wide open (or at least much wider than the Access Points), but don’t allow direct access.
Access Points
Can you use S3 Access Points with VPC Endpoints?
Yes
Access Points
Access Point + VPC Endpoint secure?
Can be: Access Point condition requiring access from the VPC Endpoint.