Amazon S3 Access Grants

Manage S3 permissions for directory users and groups

Amazon S3 Access Grants map identities in directories such as Microsoft Entra ID, or Amazon Identity and Access Management (IAM) principals, to datasets in S3. This helps you manage data permissions at scale by automatically granting S3 access to end-users based on their corporate identity. Additionally, S3 Access Grants log end-user identity and the application used to access S3 data in Amazon CloudTrail. This helps to provide a detailed audit history down to the end-user identity for all access to the data in your S3 buckets.


Manage S3 permissions for directory users and groups

S3 Access Grants build on top of Amazon IAM Identity Center’s Trusted identity propagation capability and allow S3 to authenticate and authorize directly against directory users and groups. By integrating with IAM Identity Center, S3 Access Grants support a wide range of corporate identity providers such as Entra ID, Okta, or any other external identity provider.

End-user auditability

With enhanced integrations with CloudTrail, end-user access to S3 via S3 Access Grants is auditable in CloudTrail down to the directory user identity.

Scale Amazon S3 permissions

You can use S3 Access Grants to scale your S3 permissions to enforce granular S3 permissions. With S3 Access Grants, you can define S3 access in an intuitive grant style up to 100,000 grants per Region per account, only giving users and applications the S3 data they need.

Start to Build for Free with Amazon Web Services

Start to Build for Free with Amazon Web Services

Hot Contact Us

Hotline Contact Us

1010 0766
Beijing Region
Operated By Sinnet
1010 0966
Ningxia Region
Operated By NWCD