Submitted by heartin on Tue, 07/25/2017 - 07:55
When a request is made, the AWS service decides whether a given request should be allowed or denied as follows:
By default, all requests are denied.
An explicit allow (Effect=Allow + condition(IpAddress/NotIpAddress)) overrides this default.
An explicit deny (Effect=Deny + condition(IpAddress/NotIpAddress)) overrides any allows.
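The three rules above can be traced with a small evaluator. This is an added example, not code from the original post or from AWS: it is a simplified model that handles only the IpAddress/NotIpAddress operators on aws:SourceIp, ignores Principal, and approximates resource wildcards with fnmatch. The bucket name and CIDR ranges are constructed placeholders.

```python
import ipaddress
from fnmatch import fnmatchcase

# Constructed sample policy: allow a /24, but explicitly deny its upper half.
POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
         "Resource": "arn:aws:s3:::example-bucket/*",
         "Condition": {"IpAddress": {"aws:SourceIp": "203.0.113.0/24"}}},
        {"Effect": "Deny", "Principal": "*", "Action": "s3:GetObject",
         "Resource": "arn:aws:s3:::example-bucket/*",
         "Condition": {"IpAddress": {"aws:SourceIp": "203.0.113.128/25"}}},
    ],
}

def condition_matches(condition, source_ip):
    """True when every IpAddress / NotIpAddress operator is satisfied."""
    ip = ipaddress.ip_address(source_ip)
    for operator, keys in condition.items():
        if operator not in ("IpAddress", "NotIpAddress"):
            # Fail loudly: silently skipping a Deny condition would fail open.
            raise ValueError(f"unsupported operator: {operator}")
        cidrs = keys["aws:SourceIp"]
        cidrs = [cidrs] if isinstance(cidrs, str) else cidrs
        in_range = any(ip in ipaddress.ip_network(c) for c in cidrs)
        if in_range != (operator == "IpAddress"):
            return False
    return True

def evaluate(policy, action, resource, source_ip):
    """Default deny; an allow overrides it; a deny overrides any allow."""
    decision = "Deny (default)"
    for stmt in policy["Statement"]:
        if stmt["Action"] != action:
            continue
        if not fnmatchcase(resource, stmt["Resource"]):
            continue
        if not condition_matches(stmt.get("Condition", {}), source_ip):
            continue
        if stmt["Effect"] == "Deny":
            return "Deny (explicit)"  # wins regardless of statement order
        decision = "Allow"
    return decision

if __name__ == "__main__":
    obj = "arn:aws:s3:::example-bucket/report.csv"
    for ip in ("198.51.100.7", "203.0.113.10", "203.0.113.200"):
        print(ip, "->", evaluate(POLICY, "s3:GetObject", obj, ip))
```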
Submitted by heartin on Tue, 07/25/2017 - 07:53
[Lab] S3 Bucket Policy Examples - Basic Policies and Use of Principal
Bucket policies determine whether a user, group, or role is authorized to perform an operation on an S3 resource. You can specify JSON-based bucket policies for your buckets under the Permissions tab. To make it easier to create policies, AWS also provides a policy generator.
Submitted by heartin on Tue, 07/25/2017 - 07:50
A policy is a document (written in the Access Policy Language) that acts as a container for one or more permission statements. A statement is the formal description of a single permission. Within a statement you can specify elements such as Effect (Allow / Deny), Principal, AWS Services, Actions (e.g. Create Bucket), Amazon Resource Name (ARN) and, optionally, conditions (e.g. ArnEquals, NotIpAddress).