Posted On: Nov 30, 2022
Amazon S3 Access Points simplify data access for any AWS service or customer application that stores data in S3 buckets. With S3 Access Points, you create unique access control policies for each access point to more easily control access to shared datasets. Now, bucket owners are able to authorize access via access points created in other accounts. In doing so, bucket owners always retain ultimate control over data access, but can delegate responsibility for more specific IAM-based access control decisions to the access point owner. This allows you to securely and easily share datasets with thousands of applications and users, and at no additional cost.
S3 Access Points help you more easily configure the right access controls for shared datasets, simplifying access management for multiple applications. Each access point has its own policy that defines which requests and VPCs are allowed to use the access point, customized for each application or use case. With cross-account access points, you can allow trusted accounts, such as the account administrator of a different team or a partner organization, to self-serve permissions for datasets. Additionally, you don't have to make continuous changes to a bucket policy for every permission change for applications or roles within these trusted accounts.
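The delegation described above leaves the bucket policy as the final gate, so it is worth checking which accounts that policy actually trusts. The following is an added example, not AWS's own code: it audits a bucket policy for wildcard `Allow` statements that are not pinned to access points owned by a trusted account, using the `s3:DataAccessPointAccount` condition key. The account IDs, bucket ARN, statement shape and audit rule are assumptions constructed for illustration.

```python
# Added example: audit a bucket policy that delegates decisions to access points.
TRUSTED_ACCOUNTS = {"111122223333"}          # constructed account ID
BUCKET = "arn:aws:s3:::example-shared-data"  # constructed bucket ARN

def as_list(value):
    return value if isinstance(value, list) else [value]

def is_wildcard(principal):
    # "*" and {"AWS": "*"} both mean "any principal".
    if principal == "*":
        return True
    return isinstance(principal, dict) and "*" in as_list(principal.get("AWS", []))

def audit_delegation(policy, trusted_accounts):
    """Return (sid, finding) pairs for wildcard Allow statements that are not
    pinned to access points owned by a trusted account."""
    findings = []
    for stmt in as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow" or not is_wildcard(stmt.get("Principal")):
            continue
        sid = stmt.get("Sid", "<no Sid>")
        accounts = None
        # Only an exact StringEquals match counts; condition key names are case-insensitive.
        for key, value in stmt.get("Condition", {}).get("StringEquals", {}).items():
            if key.lower() == "s3:dataaccesspointaccount":
                accounts = set(as_list(value))
        if accounts is None:
            findings.append((sid, "no s3:DataAccessPointAccount condition"))
        elif accounts - trusted_accounts:
            extra = ", ".join(sorted(accounts - trusted_accounts))
            findings.append((sid, "untrusted access point owner: " + extra))
    return findings

def delegate(sid, condition):
    # Constructed statement shape: any principal, any action, on the bucket and its objects.
    stmt = {"Sid": sid, "Effect": "Allow", "Principal": {"AWS": "*"}, "Action": "*",
            "Resource": [BUCKET, BUCKET + "/*"]}
    if condition:
        stmt["Condition"] = condition
    return stmt

SAMPLE_POLICY = {"Version": "2012-10-17", "Statement": [
    delegate("DelegateToPartner", {"StringEquals": {"s3:DataAccessPointAccount": "111122223333"}}),
    delegate("ForgotCondition", None),
    delegate("WrongAccount", {"StringEquals": {"s3:DataAccessPointAccount": ["111122223333", "999999999999"]}}),
]}

if __name__ == "__main__":
    for sid, finding in audit_delegation(SAMPLE_POLICY, TRUSTED_ACCOUNTS):
        print(sid + ": " + finding)
```

Conditions written with operators other than `StringEquals` are reported as unpinned by this check, which errs toward manual review.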