Posted On: Mar 14, 2023
Amazon S3 Access Points simplify data access for any Amazon Web Services service or customer application that stores data in S3 buckets. With S3 Access Points, you create unique access control policies for each access point to more easily control access to shared datasets. Now, bucket owners are able to authorize access via access points created in other accounts. In doing so, bucket owners always retain ultimate control over data access, but can delegate responsibility for more specific IAM-based access control decisions to the access point owner. This allows you to securely and easily share datasets with thousands of applications and users, and at no additional cost.
S3 Access Points help you more easily configure the right access controls for shared datasets, simplifying access management for multiple applications. Each access point has its own policy that defines which requests and VPCs are allowed to use the access point, customized for each application or use case. With cross-account access points, you can allow trusted accounts, such as the account administrator of a different team or a partner organization, to self-serve permissions for datasets. Additionally, you don't have to make continuous changes to a bucket policy for every permission change for applications or roles within these trusted accounts.
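Because the bucket owner keeps ultimate control, the bucket policy is the place to review which accounts have been delegated to. The following is an added example, not code from the announcement or from AWS: it audits a constructed bucket policy and assumes the delegation is expressed with the `s3:DataAccessPointAccount` condition key, which the announcement does not show. The account IDs, bucket name, `TRUSTED_ACCOUNTS` and `audit_delegation` are placeholders.

```python
# Constructed sample: account IDs, bucket name and TRUSTED_ACCOUNTS are placeholders.
BUCKET_ARN = "arn:aws-cn:s3:::example-shared-dataset"
BUCKET_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {   # Delegation: requests arriving via access points owned by these accounts
            "Sid": "DelegateToAccessPoints",
            "Effect": "Allow",
            "Principal": {"AWS": "*"},
            "Action": "s3:GetObject",
            "Resource": BUCKET_ARN + "/*",
            "Condition": {"StringEquals": {"s3:DataAccessPointAccount": ["111122223333", "444455556666"]}},
        },
        {   # Wildcard grant with no access point scoping at all
            "Sid": "UnscopedWildcard",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:GetObject",
            "Resource": BUCKET_ARN + "/*",
        },
    ],
}
TRUSTED_ACCOUNTS = {"111122223333"}  # hypothetical allow-list kept by the bucket owner

def _as_list(value):
    return value if isinstance(value, list) else [value]

def is_wildcard_principal(principal):
    aws = principal.get("AWS", []) if isinstance(principal, dict) else principal
    return "*" in _as_list(aws)

def audit_delegation(policy, trusted):
    """Return (Sid, finding) pairs for Allow statements open to any principal."""
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow" or not is_wildcard_principal(stmt.get("Principal")):
            continue
        sid = stmt.get("Sid", "<no Sid>")
        # Condition key names are case-insensitive; only StringEquals counts as scoping here.
        equals = {k.lower(): v for k, v in stmt.get("Condition", {}).get("StringEquals", {}).items()}
        accounts = _as_list(equals.get("s3:dataaccesspointaccount", []))
        if not accounts:
            findings.append((sid, "wildcard principal without s3:DataAccessPointAccount scope"))
        findings += [(sid, f"delegates to account {a} not on allow-list")
                     for a in accounts if a not in trusted]
    return findings

if __name__ == "__main__":
    print(audit_delegation(BUCKET_POLICY, TRUSTED_ACCOUNTS))
```

Statements scoped by other condition keys are reported as unscoped by this check, so a finding is a prompt for review rather than proof of exposure.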
Cross-account access points are available in all Amazon Web Services Regions, including the Amazon Web Services China (Beijing) Region, operated by Sinnet, and the Amazon Web Services China (Ningxia) Region, operated by NWCD. You can start using cross-account access points via the S3 Management Console, Amazon Web Services Command Line Interface (CLI), and Amazon Web Services SDKs. To learn more about S3 Access Points, visit the S3 documentation and S3 FAQs.