Posted On: Mar 20, 2024

Amazon S3 Access Grants map identities in directories such as Active Directory, or Amazon Identity and Access Management (IAM) principals, to datasets in S3. This helps you manage data permissions at scale by automatically granting S3 access to end-users based on their corporate identity. Additionally, S3 Access Grants log end-user identity and the application used to access S3 data in Amazon CloudTrail. This helps to provide a detailed audit history down to the end-user identity for all access to the data in your S3 buckets. With just a few clicks in the console or a few lines of code using the Amazon SDK, you can map S3 permissions to users and groups in an existing corporate directory, or to an IAM user or role. Then, as end-users are added to and removed from directory groups, S3 permissions are automatically updated based on the end-user’s group membership. S3 Access Grants integrate with Amazon EMR and open source Spark so that you can enforce granular, job-based S3 access for a large fleet of pipeline jobs.

Amazon S3 Access Grants is available in the Amazon Web Services China (Beijing) Region, operated by Sinnet, and the Amazon Web Services China (Ningxia) Region, operated by NWCD. For pricing details, visit Amazon S3 pricing. To learn more, refer to the documentation.