The following diagram describes how the system evaluates an authorization request for an S3 bucket operation:
In the S3 bucket operation authorization process, the system first evaluates whether the requester is an ECS IAM user. If so, the request is evaluated against the user context and the bucket contexts. If both verifications are authorized, access is granted. Otherwise, it is denied.
The following table summarizes the access details for same-account and cross-account bucket operations:

| Bucket owner (account) | Requester (account, user) | Comments |
|---|---|---|
| A1 | U1 | The user or the bucket policy determines the access. There is no bucket ACL check. |
| A1 | U2 | U2 needs an IAM policy from A2. If the A1 bucket policy does not make a determination, then the system checks the bucket ACL. |
| A1 | R1 | IAM policy is not relevant for the root user (R1). If the A1 bucket policy does not make a determination, then the system checks the bucket ACL. |
| A1 | R2 | IAM policy is not relevant for the root user (R2). If the A1 bucket policy does not make a determination, then the system checks the bucket ACL. |
NOTE: The table uses the following legend:
A1 = first account, A2 = second account, U1 = user from the first account, U2 = user from the second account, R1 = root user from the first account, and R2 = root user from the second account.
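The table's rules written as a decision function, as an added example that is not ECS code and does not come from the original page. The function name, its parameters and the three-valued policy results are illustrative; it assumes that an explicit deny from a consulted policy wins and that a request nothing allows is denied, neither of which the page states.

```python
from typing import List, Optional, Tuple

ALLOW, DENY = "allow", "deny"   # a policy result of None means "no determination"


def authorize(bucket_account: str, requester_account: str, is_root: bool,
              iam: Optional[str], bucket_policy: Optional[str],
              acl_allows: bool) -> Tuple[bool, List[str]]:
    """Return (granted, checks consulted in order) for one bucket request.

    Assumptions, not stated on the page: an explicit deny from a consulted
    policy wins, and a request that nothing allows is denied.
    """
    same_account = bucket_account == requester_account
    consulted: List[str] = []

    if not is_root:                       # IAM policy is not relevant for root users
        consulted.append("iam_policy")
        if iam == DENY:
            return False, consulted
        if not same_account and iam != ALLOW:
            return False, consulted       # U2 needs an IAM policy from its own account

    consulted.append("bucket_policy")
    if bucket_policy == DENY:
        return False, consulted
    if bucket_policy == ALLOW:
        return True, consulted

    # The bucket policy made no determination.
    if same_account and not is_root:
        return iam == ALLOW, consulted    # U1: user policy decides, no ACL check
    consulted.append("bucket_acl")        # U2, R1, R2: fall back to the bucket ACL
    return acl_allows, consulted


if __name__ == "__main__":
    # Constructed cases, one per table row; the bucket policy is silent in each.
    rows = [("U1", "A1", False, ALLOW), ("U2", "A2", False, ALLOW),
            ("R1", "A1", True, None), ("R2", "A2", True, None)]
    for name, account, is_root, iam in rows:
        print(name, authorize("A1", account, is_root, iam, None, acl_allows=True))
```

The returned list shows which layers were consulted, which is the part to compare against a bucket's actual policy and ACL when reviewing cross-account grants.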