Amazon S3 Access Grants simplify authentication when using both IAM and Identity Provider permissions
Amazon S3 Access Grants now authenticate based on the union of both Identity Provider (IdP) and AWS Identity and Access Management (IAM) permissions. This means customers can use AWS machine learning and analytics services such as Amazon SageMaker Unified Studio, Amazon Redshift, and AWS Glue to request access to their S3 data, and S3 Access Grants will grant access to their data after evaluating both their IdP and IAM permissions.
Now, S3 Access Grants evaluate both IAM and IdP permissions so you no longer have to choose between identity contexts when requesting access to S3. With just a few clicks in the AWS Management Console or a few lines of code using the AWS SDK, you can map S3 permissions to users and groups in an existing corporate directory, such as Entra ID and Okta, or to an IAM user or role. S3 Access Grants automatically update S3 permissions based on end user group membership as users are added and removed from groups in the IdP.
Amazon S3 Access Grants are available in all AWS Regions where AWS IAM Identity Center is available. For pricing details, visit Amazon S3 pricing. To learn more about S3 Access Grants, visit the S3 User Guide.