Posted On: Nov 30, 2022

Amazon S3 Access Points simplify data access for any AWS service or customer application that stores data in S3 buckets. With S3 Access Points, you create unique access control policies for each access point to more easily control access to shared datasets. Now, bucket owners are able to authorize access via access points created in other accounts. In doing so, bucket owners always retain ultimate control over data access, but can delegate responsibility for more specific IAM-based access control decisions to the access point owner. This allows you to securely and easily share datasets with thousands of applications and users, and at no additional cost.

S3 Access Points help you more easily configure the right access controls for shared datasets, simplifying access management for multiple applications. Each access point has its own policy that defines which requests and VPCs are allowed to use the access point, customized for each application or use case. With cross-account access points, you can allow trusted accounts, such as the account administrator of a different team or a partner organization, to self-serve permissions for datasets. Additionally, you don't have to make continuous changes to a bucket policy for every permission change for applications or roles within these trusted accounts. 

Cross-account access points are available in all commercial AWS Regions and the AWS GovCloud (US) Regions via the AWS Command Line Interface (CLI) and AWS SDKs. To learn more about S3 Access Points, visit the S3 documentation, S3 Access Points product page, and S3 FAQs.