Posted On: Nov 26, 2023

Amazon S3 Access Grants map identities in directories such as Active Directory, or AWS Identity and Access Management (IAM) Principals, to datasets in S3. This helps you manage data permissions at scale by automatically granting S3 access to end-users based on their corporate identity. Additionally, S3 Access Grants log end-user identity and the application used to access S3 data in AWS CloudTrail. This helps to provide a detailed audit history down to the end-user identity for all access to the data in your S3 buckets.

With just a few clicks in the AWS Console or a few lines of code using the AWS SDK, you can map S3 permissions to users and groups in an existing corporate directory, or to an AWS IAM User or Role. Then, as end-users are added and removed from directory groups, S3 permissions are automatically updated based on the end-user’s group membership. S3 Access Grants integrates with Amazon EMR and open source Spark so that you can enforce granular, job-based S3 access for a large fleet of pipeline jobs.
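The "few lines of code" above are not spelled out in the announcement, so the following is an added example, not AWS's own code. It walks the SDK path once: register an S3 location that Access Grants may vend credentials for (CreateAccessGrantsLocation), grant a directory group READ on a sub-prefix of it (CreateAccessGrant), and show the request an application would later make for short-lived, target-scoped credentials (GetDataAccess). It assumes the boto3 `s3control` client and the parameter names of those three operations; the account ID, bucket, IAM role ARN and Identity Center group ID are constructed placeholders, and an Access Grants instance (CreateAccessGrantsInstance) is assumed to exist already. The request builders validate locally and run without boto3, so the least-privilege checks (READ by default, target must fall inside the registered location, minimal credential lifetime) can be exercised offline.

```python
"""Added example: map a directory group to an S3 prefix with S3 Access Grants.

Builds and validates the parameters for three s3control operations
(CreateAccessGrantsLocation, CreateAccessGrant, GetDataAccess) before any call
is made. Every identifier below is a constructed placeholder.
"""
from __future__ import annotations

from urllib.parse import urlparse

ALLOWED_PERMISSIONS = {"READ", "WRITE", "READWRITE"}
GRANTEE_TYPES = {"IAM", "DIRECTORY_USER", "DIRECTORY_GROUP"}
MIN_DURATION, MAX_DURATION = 900, 43200  # GetDataAccess DurationSeconds bounds


def parse_s3_uri(uri: str) -> tuple[str, str]:
    """Split 's3://bucket/prefix/' into (bucket, prefix); reject anything else."""
    parsed = urlparse(uri)
    if parsed.scheme != "s3" or not parsed.netloc:
        raise ValueError(f"not an s3:// URI: {uri!r}")
    return parsed.netloc, parsed.path.lstrip("/")


def target_within_scope(target: str, location_scope: str) -> bool:
    """True when the path a caller asks for lies under the registered location.

    A trailing '*' (the prefix form accepted by GetDataAccess) is ignored.
    """
    t_bucket, t_prefix = parse_s3_uri(target.rstrip("*"))
    l_bucket, l_prefix = parse_s3_uri(location_scope)
    return t_bucket == l_bucket and t_prefix.startswith(l_prefix)


def build_location_request(account_id: str, location_scope: str, iam_role_arn: str) -> dict:
    """CreateAccessGrantsLocation: the bucket/prefix S3 may vend credentials for
    and the IAM role S3 assumes to mint them."""
    parse_s3_uri(location_scope)  # fail fast before the API call
    return {"AccountId": account_id, "LocationScope": location_scope, "IAMRoleArn": iam_role_arn}


def build_grant_request(account_id: str, location_id: str, sub_prefix: str,
                        grantee_type: str, grantee_id: str, permission: str = "READ") -> dict:
    """CreateAccessGrant: tie one grantee to one sub-prefix of the location.

    READ is the default so callers must opt in to write access explicitly.
    """
    if permission not in ALLOWED_PERMISSIONS:
        raise ValueError(f"permission must be one of {sorted(ALLOWED_PERMISSIONS)}")
    if grantee_type not in GRANTEE_TYPES:
        raise ValueError(f"grantee type must be one of {sorted(GRANTEE_TYPES)}")
    return {
        "AccountId": account_id,
        "AccessGrantsLocationId": location_id,
        "AccessGrantsLocationConfiguration": {"S3SubPrefix": sub_prefix},
        "Grantee": {"GranteeType": grantee_type, "GranteeIdentifier": grantee_id},
        "Permission": permission,
    }


def build_data_access_request(account_id: str, target: str, permission: str = "READ",
                              duration_seconds: int = MIN_DURATION) -> dict:
    """GetDataAccess: temporary credentials for exactly the requested target.

    Privilege='Minimal' asks S3 to scope the credentials to the target rather
    than to the whole matched grant; the lifetime defaults to the minimum.
    """
    if permission not in ALLOWED_PERMISSIONS:
        raise ValueError(f"permission must be one of {sorted(ALLOWED_PERMISSIONS)}")
    if not MIN_DURATION <= duration_seconds <= MAX_DURATION:
        raise ValueError(f"DurationSeconds must be in [{MIN_DURATION}, {MAX_DURATION}]")
    parse_s3_uri(target.rstrip("*"))
    return {
        "AccountId": account_id,
        "Target": target,
        "Permission": permission,
        "DurationSeconds": duration_seconds,
        "Privilege": "Minimal",
    }


def main() -> None:
    """Wire the builders to boto3 (import deferred so the builders run without it)."""
    import boto3  # assumed available only when actually talking to AWS

    s3control = boto3.client("s3control")
    account_id = "111122223333"  # constructed placeholder
    location_scope = "s3://example-analytics-bucket/finance/"  # constructed placeholder
    role_arn = f"arn:aws:iam::{account_id}:role/S3AccessGrantsLocationRole"  # constructed
    group_id = "a1b2c3d4-0000-0000-0000-000000000000"  # constructed Identity Center group ID

    location = s3control.create_access_grants_location(
        **build_location_request(account_id, location_scope, role_arn))
    grant = s3control.create_access_grant(**build_grant_request(
        account_id, location["AccessGrantsLocationId"], "2023/", "DIRECTORY_GROUP", group_id))
    print("grant created:", grant["AccessGrantArn"])

    # Later, an application acting as a member of that group asks for credentials.
    target = "s3://example-analytics-bucket/finance/2023/*"
    if target_within_scope(target, location_scope):
        creds = s3control.get_data_access(**build_data_access_request(account_id, target))
        print("matched grant target:", creds["MatchedGrantTarget"])


if __name__ == "__main__":
    main()
```

Each GetDataAccess call, and the S3 data access made with the returned credentials, is what CloudTrail attributes to the end-user identity the announcement mentions, so keeping credential lifetimes short and targets narrow also keeps the audit trail precise.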

Amazon S3 Access Grants is available in all AWS Regions where AWS IAM Identity Center is available. For pricing details, visit Amazon S3 pricing. To learn more, refer to the documentation.