Posted On: Jan 20, 2022
You can now use the Amazon S3 Object Ownership setting, Bucket owner enforced, to disable access control lists (ACLs) in the AWS China (Beijing), AWS China (Ningxia), and AWS GovCloud (US) Regions, simplifying access management for data stored in S3. When you apply this bucket-level setting, every object in an S3 bucket is owned by the bucket owner, and ACLs are no longer used to grant permissions. As a result, access to your data is based on policies, including AWS Identity and Access Management (IAM) policies applied to IAM identities, session policies, Amazon S3 bucket and access point policies, and Virtual Private Cloud (VPC) endpoint policies. This setting applies to both new and existing objects in a bucket, and you can control access to this setting using IAM policies. With the new S3 Object Ownership setting, you can easily review, manage, and modify access to your shared data sets in Amazon S3 using only policies.
ACLs were the original way to control access in S3. Subsequently, IAM and policies were introduced for permission control across AWS resources. Now, by enabling the S3 Object Ownership feature, you can change how S3 performs access control for a bucket so that only IAM policies are used. S3 Object Ownership's new Bucket owner enforced setting disables ACLs for your bucket and the objects in it, and updates every object so that each object is owned by the bucket owner. When you apply this setting, ownership change happens automatically, and applications that write data to a bucket no longer need to specify any ACL. You can enable this setting for existing buckets or when you create a new bucket.
Amazon S3 Object Ownership is now available at no additional cost in all AWS Regions, including the AWS GovCloud (US) Regions, the AWS China (Beijing) Region, operated by Sinnet, and the AWS China (Ningxia) Region, operated by NWCD. You can configure S3 Object Ownership through the S3 console, AWS Command Line Interface (CLI), Amazon S3 REST API, AWS Software Development Kits (SDKs), or AWS CloudFormation. To learn more about S3 Object Ownership, visit the S3 User Guide or read the AWS News Blog.