AWS S3 Bucket Policy vs IAM - What's the Difference?

Be A Better Dev

2 years ago

28,761 views


Comments:

Alexis Lazo - 06.07.2023 23:14

Very Useful, thank you!

Vinod Kumar - 06.07.2023 17:50

Thanks for this amazing tutorial. I have a question for you with respect to the cross-account S3 bucket access. If the root user on account B has got access to the S3 bucket sitting on account A, then will that make any role of account B access to this bucket (on account A) if the access was given on the role by account B?

frozen - 28.05.2023 12:22

I get a principal error when trying to add a bucket policy which gives access to a bucket from a different Amazon account and role on that account. The other person does not want to assume a role I created for them in my IAM; they just want access from their account and role added directly on the bucket policy.

Shrinidhi G - 04.05.2023 11:02

Very well explained. Thanks.

Suresh Surendran - 21.04.2023 05:25

Thanks for the tutorial. Really helped me a lot with what I wanted to do. 👍

Old Universe - 13.04.2023 14:04

Hello. I want to deny GetObject for all users in MinIO, but it doesn't work. Here is a bucket policy.

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Deny",
          "Principal": {
            "AWS": [
              "*"
            ]
          },
          "Action": [
            "s3:GetObject"
          ],
          "Resource": [
            "arn:aws:s3:::my-bucket/*"
          ]
        }
      ]
    }

And user has readwrite policy.

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Action": [
            "s3:*"
          ],
          "Resource": [
            "arn:aws:s3:::*"
          ]
        }
      ]
    }

Vld Iv. - 15.03.2023 20:26

thank you

wr201 - 12.12.2022 15:52

Very nicely explained. Thanks for the effort you have put in making such videos.

Likely lad - 01.12.2022 23:37

Super helpful resource thanks!! 😊

Michael Vaynagiy - 29.09.2022 15:36

Thank you! Very clear explanation.

Daniel Williams - 25.07.2022 06:17

Oh Canada! Is there really a “zed” in “reZources”? 😊

RAJARAJAN SUNDARAJAN - 15.06.2022 08:08

Thanks for this video.

Raj Thakkar - 03.06.2022 16:22

Very clearly explained. ***

Lina Hovanessian - 29.04.2022 10:22

Cool! Nice tutorial, thanks!

Abhay Thakur - 28.04.2022 20:05

Awesome as always

Rene Jacques - 28.04.2022 18:26

I have a question, but first, very good. I was never told before that the principal field goes just with S3 policies.
On to the question, if we're allowed to act on a bucket, can't we operate on its objects as well? In your example you gave access to both bucket and objects.

ro pro - 28.04.2022 18:03

Be A Better Dev: Daniel, this is so timely for me! On my current project, I'm literally in the middle of creating a lambda to trigger off of s3:CreateObject events which then invokes a step function! Love your explanations of AWS concepts, they're super clear and concise. ❤ AWS's IAM docs are hopeless. 😩

raghu boyapati - 28.04.2022 17:38

If I give permission to an S3 bucket in the bucket policy to a user but not in the IAM policy, can the user access the S3 bucket?
