S3 Sharing Buckets Across Accounts Flashcards
1
Q
How can I set up access control over an S3 bucket from the perspective of the bucket (that is, the rules are tied to the bucket)?
A
- Bucket Policies
- Bucket Access Control Lists (even less common)
2
Q
What is the difference between Bucket Policies and Bucket ACLs as it relates to sharing S3 buckets across accounts?
A
- Bucket Policies apply across the entire bucket
- Bucket ACLs apply to individual objects
3
Q
Which method of sharing S3 buckets across accounts is the only one that provides both Programatic and Console access?
A
Cross-account IAM Roles
4
Q
What are the 3 ways to share S3 buckets across accounts? What level of access does each provide?
A
- Bucket Policies & IAM – (applies across entire bucket) Programatic Access Only
- Bucket ACLs & IAM (applies to individual objects) Programatic Access Only
- Cross-account IAM Roles. – Programmatic AND Console Access