S3 bucket access from the same and another AWS account

Creating an S3 bucket is easy enough, but to apply the principle of least privilege properly we need to understand how to create the right permissions for specific IAM identities. This might be straightforward if it weren’t for the multiple ways to configure permissions in S3, each having its own rules and edge cases. This article helps you navigate this minefield, with details not only of how the S3 permissions work, but also how you can implement some common real-world scenarios such as S3 bucket access from another AWS account....

November 30, 2020 · Tom Gregory

When to use an AWS S3 VPC endpoint

What is an S3 VPC endpoint? To understand what an S3 VPC endpoint is, we first need to know what problem it solves. Imagine we want to get access to S3 from an AWS resource. In the example below, we have an EC2 instance that needs to copy a file from an S3 bucket. This works because the EC2 instance is in a public subnet, so it has access to the internet; therefore the EC2 instance can reach the AWS S3 URL to copy the file from the S3 bucket. Public subnets: a public subnet is simply one that has a route to the internet....

April 10, 2020 · Tom Gregory