Overview
Amazon S3 Access Grants map identities in directories such as Active Directory, or AWS Identity and Access Management (IAM) Principals, to datasets in S3. This helps you manage data permissions at scale by automatically granting S3 access to end-users based on their corporate identity. Additionally, S3 Access Grants log end-user identity and the application used to access S3 data in AWS CloudTrail. This helps to provide a detailed audit history down to the end-user identity for all access to the data in your S3 buckets.
Benefits
Customers and partners
-
Immuta
Immuta helps organizations unlock value from their data by providing an integrated platform for sensitive data discovery, access control enforcement, and access behavior analysis and remediations.
AWS Storage Blog: How to enforce Amazon S3 Access Grants with Immuta
-
Informatica
Informatica Intelligent Data Management Cloud, built on AWS is an AI powered end-to-end data management platform that connects, manages, and unifies data across any multi-cloud hybrid system, democratizing data and enabling AWS customers to modernize and redefine their data and AI strategies and experiences.
-
Booking.com
Booking.com is one of the world’s leading online travel platforms, connecting travelers with the widest selection of places to stay, experiences and attractions as well as a range of transportation options from flights, car rentals and taxis.
Resources
Solving large-scale data access challenges with Amazon S3
As you build a data lake or shared datasets on Amazon S3, managing access is essential. You need strong guardrails that protect your data. Within your organization, you require granular access control for your data with strong controls around authentication, authorization, encryption, and auditing. Watch this video to learn about common and successful patterns for implementing your access controls at varying levels of granularity and scale to maintain tight control over your data.