New AWS Feature: Disable ACLs on S3 buckets to simplify access management

Amazon S3 introduces a new S3 Object Ownership setting, Bucket owner enforced, that disables access control lists (ACLs), simplifying access management for data stored in S3. In this video I will show you how to disable Access Control Lists (ACLs) in your Amazon S3 buckets, so that the entire access management is controlled through IAM Policies.

LINKS:
- What’s new on AWS feature announcement: https://aws.amazon.com/about-aws/what
- AWS put-bucket-ownership-controls CLI command reference to automate this process: https://docs.aws.amazon.com/cli/lates

Amazon Web Services (AWS) has just announced a new security feature for Amazon S3. You can completely turn off access control lists on your S3 buckets, and in this video I am going to show you how to do this, using the web-based AWS Management Console.

In 2006, more than 15 years ago, AWS launched its very first service, which literally was the birth of the cloud: Amazon Simple Storage Service, or Amazon S3, where customers could securely upload and store their files into so-called buckets.
To guard these files from unwanted access, they have been protected by access control lists, or ACLs.

But now, many more services have been introduced and AWS has created a broad and deep set of capabilities to authenticate users and control access to all kinds of resources: AWS Identity & Access Management, or IAM, has become the standard mechanism, using IAM Policies. And the old ACLs aren’t really used anymore by most of our customers.

If you don’t rely on these ACLs (and to be honest, you shouldn’t; you should definitely use IAM wherever possible), you now have the option to completely turn them off.

I really recommend you do this for every S3 bucket in your accounts, just to make sure that some old ACLs and the recommended IAM Policies don’t get in each other’s way.
You can do this of course using the AWS Command Line Interface as well.
I’ll post a link to the reference in the description below.
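
As an added example (not from the video or from AWS's own tooling): a Python pre-flight that reads `get-bucket-acl`-shaped JSON, lists grants to anyone other than the bucket owner (access that still relies on ACLs and needs an equivalent policy first), and builds the `put-bucket-ownership-controls` call only for buckets that have none. The bucket names, canonical IDs and the `non_owner_grants` / `plan` helpers are assumptions made for illustration.

```python
import json

# Constructed samples shaped like `aws s3api get-bucket-acl` output.
# Canonical IDs and bucket names are placeholders, not real values.
OWNER = {"ID": "OWNER-CANONICAL-ID-PLACEHOLDER"}
OWNER_GRANT = {"Grantee": {"Type": "CanonicalUser", **OWNER},
               "Permission": "FULL_CONTROL"}
ACLS = {
    "example-private-bucket": {"Owner": OWNER, "Grants": [OWNER_GRANT]},
    "example-legacy-bucket": {"Owner": OWNER, "Grants": [
        OWNER_GRANT,
        {"Grantee": {"Type": "CanonicalUser",
                     "ID": "PARTNER-CANONICAL-ID-PLACEHOLDER"},
         "Permission": "WRITE"},
        {"Grantee": {"Type": "Group",
                     "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
         "Permission": "READ"},
    ]},
}

# Object Ownership setting that disables ACLs ("Bucket owner enforced").
OWNERSHIP_CONTROLS = {"Rules": [{"ObjectOwnership": "BucketOwnerEnforced"}]}


def non_owner_grants(acl):
    """Return (grantee, permission) for every grant not held by the bucket owner."""
    owner_id = acl["Owner"]["ID"]
    findings = []
    for grant in acl.get("Grants", []):
        grantee = grant["Grantee"]
        if grantee.get("Type") == "CanonicalUser" and grantee.get("ID") == owner_id:
            continue  # the owner's own grant does not depend on ACLs staying on
        who = grantee.get("URI") or grantee.get("ID") or "unknown"
        findings.append((who, grant["Permission"]))
    return findings


def plan(bucket, acl):
    """Report whether ACLs can be disabled now; build the CLI call only if so."""
    blockers = non_owner_grants(acl)
    if blockers:
        return {"bucket": bucket, "ready": False,
                "migrate_to_policy": blockers, "command": None}
    command = ["aws", "s3api", "put-bucket-ownership-controls",
               "--bucket", bucket,
               "--ownership-controls", json.dumps(OWNERSHIP_CONTROLS)]
    return {"bucket": bucket, "ready": True,
            "migrate_to_policy": [], "command": command}


if __name__ == "__main__":
    for name, acl in ACLS.items():
        print(json.dumps(plan(name, acl), indent=2))
```

Buckets reported as not ready list the grantees whose access has to be expressed in a bucket or IAM policy before the setting is changed.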

ABOUT THIS CHANNEL
My name’s Dennis and I share tips to help you grow your Amazon Web Services (AWS) skills, build well-architected applications, and learn the best tools and skills required to help you on your cloud journey. If you’re a developer, business owner or hobbyist who is interested in learning about AWS and the cloud, make sure to subscribe for helpful training videos.

I’m working at AWS as a Developer Advocate and Technical Evangelist, taking care of the builder community in Germany, Austria, and Switzerland. I’m AWS Certified (SA Pro, DevOps Pro, Security Specialist, and all Associate-level certifications) and have been actively developing for the cloud since 2011. During that time I’ve helped countless developers and businesses build their applications in the cloud through training, content, and consulting.

If you have any questions or want to request a topic or tutorial just leave a comment on any of my videos and I’ll see what I can do to answer it.

Thanks for watching, welcome to the cloud!

---
#AWSInFiveMinutesOrLess


Content

0.48 -> aws has just announced the new security
3.12 -> feature for amazon s3 you can completely
6.08 -> turn off access control lists on your s3
8.16 -> buckets and in this video i'm going to
9.92 -> show you how to do this using the
11.519 -> web-based aws management console
14.24 -> in 2006 more than 15 years ago aws
17.119 -> launched its very first service which
19.439 -> literally was the birth of the cloud
21.52 -> amazon simple storage service or
23.439 -> amazon s3 where customers could securely
26.16 -> upload and store their files in
28.16 -> so-called buckets
29.76 -> to guard these files from unwanted
31.519 -> access they have been protected by
33.52 -> access control lists or acls
36.32 -> but now many more services have been
38.559 -> introduced and aws has created a broad
40.64 -> and deep set of capabilities to
42.399 -> authenticate users and control access to
44.96 -> all kinds of resources
46.8 -> aws identity and access management or
49.36 -> iam has become the standard mechanism
52.079 -> using iam policies and the old acls
55.44 -> aren't really used anymore by most of
57.28 -> our customers
58.879 -> if you don't rely on these acls and to
61.44 -> be honest you shouldn't you should
62.96 -> definitely use iam wherever possible you
65.92 -> now have the option to completely turn
67.52 -> them off
68.56 -> let's have a look and do this together
70.96 -> right now we're looking at my s3
72.56 -> dashboard
73.68 -> i'll open a bucket
76 -> select the permissions tab
78.159 -> and scroll down to this new section
79.92 -> called object ownership
82 -> right now acls are enabled and can be
84.479 -> used to set permissions for this bucket
86.32 -> and its objects
88.32 -> to turn them off for good let's click on
90.159 -> edit
91.119 -> right here you can see two options acls
93.68 -> enabled and acls disabled which i really
96.479 -> recommend if you don't have any legacy
98.32 -> applications running on aws that still
100.4 -> require them
102.079 -> click on it and save the changes
104.96 -> now when we scroll back down to the
106.64 -> section you can see that acls are
109.04 -> disabled
110.32 -> all objects in this bucket are owned by
112.399 -> this account which means that access to
114.72 -> this bucket and its objects is specified
117.2 -> only using policies
119.36 -> i really recommend you do this for every
121.52 -> s3 bucket in your account just to make
123.68 -> sure that some old acls and the
125.52 -> recommended iam policies don't get in
127.92 -> each other's way
129.28 -> you can do this of course using the aws
131.2 -> command line interface as well i'll post
133.52 -> the link to the reference in the
134.879 -> description below please like this video
137.52 -> it only takes you a few seconds and you
139.44 -> would really help me reach more people
141.28 -> that want to learn about aws thanks for
143.84 -> watching i'll see you in the next one

Source: https://www.youtube.com/watch?v=CSmQ2TttjEw