Bucket and Object ACLs, Bucket Policies and CORS
Bucket and Object ACLs
ACLs allow you to set permissions for both buckets and objects. You can control who can access the resources and what actions they can perform (e.g., read, write, delete).
- Bucket ACLs define who can access the entire bucket and perform actions like listing objects or creating objects within the bucket.
- Object ACLs define permissions for individual objects within the bucket, allowing more granular access control.
Bucket Policy
Bucket policies allow you to define rules that control who can access your bucket and what actions they can perform. Unlike ACLs, bucket policies offer more flexibility by supporting conditions like IP restrictions, user roles, and time-based access.
- Bucket policies apply to the entire bucket and its objects unless explicitly overridden.
- They can grant or deny permissions based on the requester's identity, actions, and request conditions.
Cross-Origin Resource Sharing (CORS)
Cross-Origin Resource Sharing (CORS) allows web applications running in one domain to access resources in a different domain. By default, web browsers block cross-origin requests for security reasons (the same-origin policy), but CORS lets you define exceptions that allow controlled cross-origin access to your buckets.
This is useful for:
- Web applications that need to fetch objects.
- API-based services that serve content to web clients.
- Static websites hosting assets (images, fonts, etc.) in buckets.
What Can You Do with CORS?
- Allow or restrict cross-origin requests from specific domains.
- Define permitted HTTP methods (GET, PUT, POST, DELETE, etc.).
- Control allowed headers that can be sent in requests.
- Specify caching behavior for preflight (OPTIONS) requests.
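The following added example (not part of the original page or of any provider's tooling) shows how the four settings listed above combine: it evaluates a preflight request against a list of CORS rules and flags rules that widen access. The S3-style field names (AllowedOrigins, AllowedMethods, AllowedHeaders, MaxAgeSeconds), the sample rules and the one-hour review threshold are assumptions.

```python
import re

WRITE_METHODS = {"PUT", "POST", "DELETE"}
MAX_AGE_LIMIT = 3600  # assumed review threshold, in seconds

# Constructed sample rules; the S3-style field names are an assumption.
SAMPLE_RULES = [
    {"AllowedOrigins": ["https://app.example.com"],
     "AllowedMethods": ["GET", "PUT"],
     "AllowedHeaders": ["Content-Type"], "MaxAgeSeconds": 600},
    {"AllowedOrigins": ["*"],
     "AllowedMethods": ["GET", "DELETE"],
     "AllowedHeaders": ["*"], "MaxAgeSeconds": 86400},
]

def _glob(pattern, value):
    """Match value against a pattern where '*' stands for any run of characters."""
    rx = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(rx, value) is not None

def match_rule(rules, origin, method, headers=()):
    """Index of the first rule that would allow this preflight, or None."""
    for i, rule in enumerate(rules):
        if not any(_glob(p, origin) for p in rule["AllowedOrigins"]):
            continue
        if method.upper() not in rule["AllowedMethods"]:
            continue
        allowed = [h.lower() for h in rule.get("AllowedHeaders", [])]
        if all(any(_glob(p, h.lower()) for p in allowed) for h in headers):
            return i
    return None

def audit(rules):
    """Return (rule index, finding) pairs for settings worth reviewing."""
    findings = []
    for i, rule in enumerate(rules):
        if "*" in rule["AllowedOrigins"]:
            writes = sorted(WRITE_METHODS & set(rule["AllowedMethods"]))
            what = "use " + ",".join(writes) if writes else "read"
            findings.append((i, "any origin may " + what))
        if "*" in rule.get("AllowedHeaders", []):
            findings.append((i, "all request headers allowed"))
        if rule.get("MaxAgeSeconds", 0) > MAX_AGE_LIMIT:
            findings.append((i, "preflight cached for %ds" % rule["MaxAgeSeconds"]))
    return findings
```

A matching CORS rule only tells the browser that the cross-origin request is permitted; whether the request is authorized is still decided by the ACLs and the bucket policy.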