what is acl in aws

10 months ago 22
Nature

ACL stands for Access Control List. It is a resource-based option that allows you to manage access to your buckets and objects in Amazon S3. Each bucket and object has an ACL attached to it as a subresource, which defines which AWS accounts or groups are granted access and the type of access. ACLs can be used to grant basic read/write permissions to other AWS accounts, but there are limits to managing permissions using ACLs. For example, you can grant permissions only to other AWS accounts; you cannot grant permissions to users in your account. You cannot grant conditional permissions, nor can you explicitly deny permissions.

In addition to Amazon S3, network ACLs are also used in Amazon Virtual Private Cloud (VPC) to allow or deny specific inbound or outbound traffic at the subnet level. Web access control lists (web ACLs) are used in AWS WAF to give fine-grained control over all of the HTTP(S) web requests that your protected resource responds to.

It is worth noting that a majority of modern use cases in Amazon S3 no longer require the use of ACLs. AWS recommends that you keep ACLs disabled, except in unusual circumstances where you need to control access for each object individually. With ACLs disabled, you can use policies to control access to all objects in your bucket, regardless of who uploaded the objects to your bucket.
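As an added example (not part of the answer above), here is a small Python check in the spirit of the recommendation to keep ACLs off: it walks an S3 ACL document in the shape returned by `get-bucket-acl`, labels each grant by who it reaches (owner, another account, any AWS account, or the public), and returns the Object Ownership payload that disables ACLs. The sample ACL is constructed, with a placeholder canonical ID.

```python
import json

# Canonical grantee URIs defined by the S3 ACL model. A grant to either of
# these reaches beyond the owning account.
PUBLIC_GRANTEE_URIS = {
    "http://acs.amazonaws.com/groups/global/AllUsers": "public",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers": "any-aws-account",
}

def classify_grants(acl):
    """Describe each grant in an S3 ACL (get-bucket-acl / get-object-acl shape):
    who it reaches and which permission it confers."""
    owner_id = acl.get("Owner", {}).get("ID")
    findings = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") == "Group":
            scope = PUBLIC_GRANTEE_URIS.get(grantee.get("URI"), "service-group")
        elif grantee.get("ID") == owner_id:
            scope = "owner"
        else:
            # ACLs can only name whole AWS accounts, never IAM users in your own account.
            scope = "other-aws-account"
        findings.append({"scope": scope, "permission": grant.get("Permission")})
    return findings

def acl_is_risky(acl):
    """True if any grant reaches outside the owning account; these are the cases
    that should be expressed with bucket policies instead of ACLs."""
    return any(f["scope"] in ("public", "any-aws-account", "other-aws-account")
               for f in classify_grants(acl))

def recommended_ownership_setting():
    """OwnershipControls payload for put-bucket-ownership-controls that disables
    ACLs entirely (BucketOwnerEnforced), the setting recommended in the answer."""
    return {"Rules": [{"ObjectOwnership": "BucketOwnerEnforced"}]}

# Constructed sample ACL shaped like the API output; not captured from a real bucket.
SAMPLE_ACL = {
    "Owner": {"ID": "OWNER-CANONICAL-ID-PLACEHOLDER"},
    "Grants": [
        {"Grantee": {"Type": "CanonicalUser", "ID": "OWNER-CANONICAL-ID-PLACEHOLDER"},
         "Permission": "FULL_CONTROL"},
        {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
         "Permission": "READ"},
    ],
}

if __name__ == "__main__":
    print(json.dumps(classify_grants(SAMPLE_ACL), indent=2))
    print("risky:", acl_is_risky(SAMPLE_ACL))
```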