Firstly, do not confuse ACLs with Network Access Control Lists (NACLs), which are used to control network traffic (discussed later in this chapter). ACLs are used in Amazon S3 and act much like resource-based policies, as these ACLs can be attached to buckets. They can also be attached to S3 objects, whereas bucket policies (discussed later in this chapter) can’t. However, ACLs are used only to control cross-account access from a different AWS account or public access.
When configuring your ACLs, you have a number of options as to who can access the object or bucket via an ACL:
- Access for other AWS Accounts: Using this option, you can enter the email address of the account owner or the canonical ID of the AWS account.
- Public Access: This is a pre-configured S3 group created by AWS and allows anyone with internet access to have access to your object. This should be used with extreme caution and should only be used if necessary. Ensure...