I have all my user permission needs covered using IAM, therefore I keep my bucket policy sections completely empty.
I was wondering if this is a good practice and if it raises any potential issues from any perspective.
Perhaps there is some configuration that is good to set as default?
Just double checking.
CodePudding user response:
Typically:
- When you want to grant 'public' access to an Amazon S3 bucket, use a Bucket Policy
- When you want to grant access to specific IAM Users, attach an IAM policy to the IAM Users or IAM Groups
It sounds like your needs are satisfied via IAM policies, so that's perfectly good (and actually preferable!).