Posted On: Jul 14, 2023

With Amazon S3 Inventory, you can now review the access control lists (ACLs) on all of your objects, which simplifies auditing access permissions. ACLs were the original way to manage object access when S3 launched in 2006. When migrating to IAM-based bucket policies for access control, you can review all of the object ACLs in your buckets before enabling S3 Object Ownership.

S3 Inventory provides a complete list of objects in a bucket and their corresponding metadata. The new Object ACL fields include details about the object owner and each grantee, along with the permission granted. You can activate reporting on object ACLs by editing an existing S3 Inventory configuration in the AWS Management Console or through the API.

By enabling S3 Object Ownership, you can change how S3 performs access control for a bucket so that only IAM policies are used. S3 Object Ownership's ‘Bucket owner enforced’ setting disables ACLs for your bucket and the objects in it, and updates every object so that each object is owned by the bucket owner. We recommend that you carefully review your use of ACLs with inventory reports, migrate to IAM-based bucket policies, and then disable ACLs with S3 Object Ownership. For more information, see Controlling ownership of objects and disabling ACLs for your bucket.
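One way to run the ACL review recommended above over an inventory report, as an added example that is not AWS code. It assumes a CSV report with the column order shown and an ACL field holding base64-encoded JSON with a `status` and a `grants` list (`type`, `canonicalId` or `uri`, `permission`); confirm both against your report's manifest and the S3 Inventory documentation. The sample rows and IDs are constructed.

```python
import base64
import csv
import io
import json

# Assumed column order; a real report's order is listed in its manifest.json.
SCHEMA = ["Bucket", "Key", "ObjectOwner", "ObjectAccessControlList"]
PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}

def audit_inventory(csv_text, bucket_owner_id):
    """Return (key, reason) pairs for objects the bucket owner does not own
    or whose ACL grants access to anyone other than the bucket owner."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text), fieldnames=SCHEMA):
        key = row["Key"]
        if row["ObjectOwner"] != bucket_owner_id:
            findings.append((key, "owned by another account"))
        cell = row["ObjectAccessControlList"]
        acl = json.loads(base64.b64decode(cell)) if cell else {}
        if acl.get("status") != "AVAILABLE":
            findings.append((key, "ACL not available, check the object directly"))
            continue
        for grant in acl.get("grants", []):
            grantee = grant.get("canonicalId") or grant.get("uri", "unknown")
            if grantee == bucket_owner_id:
                continue  # the owner's own grant survives the migration unchanged
            label = "PUBLIC " if grantee in PUBLIC_GROUPS else ""
            findings.append((key, f"{label}{grant.get('permission')} -> {grantee}"))
    return findings

def _row(key, owner, extra=()):
    """Constructed inventory row: owner FULL_CONTROL grant plus any extras."""
    grants = [{"type": "CanonicalUser", "canonicalId": owner, "permission": "FULL_CONTROL"}, *extra]
    doc = json.dumps({"status": "AVAILABLE", "grants": grants}).encode()
    return ["example-bucket", key, owner, base64.b64encode(doc).decode()]

# Constructed sample data: placeholder canonical IDs and three inventory rows.
OWNER, OTHER = "owner-id-constructed", "other-id-constructed"
EVERYONE = {"type": "Group", "uri": "http://acs.amazonaws.com/groups/global/AllUsers", "permission": "READ"}
_buf = io.StringIO()
csv.writer(_buf).writerows([
    _row("reports/a.csv", OWNER),
    _row("public/logo.png", OWNER, [EVERYONE]),
    _row("uploads/x.bin", OTHER),
])
SAMPLE_CSV = _buf.getvalue()
```

Each finding is access that a bucket policy has to replace before ACLs are disabled; an empty result for a bucket means only the bucket owner holds grants on its objects.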

Amazon S3 Inventory support for Object ACL is generally available at no additional charge in all AWS Regions, excluding the AWS GovCloud (US) Regions and AWS China Regions. To learn more, please visit Amazon S3 Inventory and Amazon S3 pricing.