Access Control List (ACL)
A set of grant entries attached to an AWS resource that determines which accounts, groups or network sources can access it, and how.
Description
In the context of AWS, an Access Control List (ACL) is a list of grants attached to a resource that defines which AWS accounts or predefined groups can access it and what they can do with it. ACLs are most familiar from Amazon S3, where every bucket and every object carries its own ACL. Each entry names a grantee (the owning account, another AWS account identified by its canonical user ID, or one of the predefined groups AllUsers, AuthenticatedUsers and LogDelivery) and one permission: READ, WRITE, READ_ACP (read the ACL itself), WRITE_ACP (modify the ACL) or FULL_CONTROL. For instance, the canned ACL public-read grants READ to the AllUsers group, so anyone on the internet can list the bucket or download the object, while the default private ACL grants FULL_CONTROL to the owner and nothing to anyone else. ACLs can only grant, never deny, and their grantees are whole accounts or groups rather than IAM users or roles, so they cannot be used to give a single user limited or temporary access. Historically they were the way to share a bucket or individual objects with another AWS account without touching the bucket policy. Today AWS recommends disabling ACLs altogether (S3 Object Ownership set to "bucket owner enforced", the default for new buckets) and expressing access with bucket policies and IAM policies, which support conditions, explicit denies and IAM principals, and are far easier to audit and manage at scale; once ACLs are disabled, any grants still present in an ACL are ignored.
Examples
- An S3 bucket ACL that grants READ to another AWS account (by canonical user ID), letting principals in that account list the bucket; the matching object ACLs are what let them download individual objects.
- A network ACL associated with one or more VPC subnets, whose numbered allow and deny rules permit or block traffic by CIDR, protocol and port range. Network ACLs filter packets, not API calls: they are stateless, unrelated to IAM, and evaluated in rule-number order with the first match deciding.
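The network ACL example above hides the two properties that cause most VPC mistakes: rules are evaluated in ascending rule-number order with the first match winning (so a deny placed after a broader allow never fires), and the list ends in an implicit `*` rule that denies everything else. The following Python is an added example, not code from the original page or from AWS; the rule set, the probe packets and the `(number, protocol, ports, cidr, action)` tuple layout are constructed for illustration and mirror what the VPC console shows rather than any AWS API.

```python
"""Evaluate a VPC network ACL rule set the way the VPC does: rules are
checked in ascending rule-number order, the first match decides, and the
implicit '*' rule denies anything no explicit rule matched.

Added example, not code from the page. INBOUND_RULES and PROBES are
constructed; the CIDRs are documentation ranges.
"""
import ipaddress

# (rule number, protocol, (from_port, to_port), CIDR, action). Protocol "-1"
# means all protocols, as in the EC2 API.
INBOUND_RULES = [
    (100, "tcp", (443, 443), "0.0.0.0/0", "allow"),     # HTTPS from anywhere
    (110, "tcp", (22, 22), "10.0.0.0/8", "allow"),       # SSH from the corporate range
    (120, "tcp", (1024, 65535), "0.0.0.0/0", "allow"),   # ephemeral ports: network ACLs are
                                                         # stateless, so replies need this
    (130, "-1", (0, 65535), "192.0.2.0/24", "deny"),     # block a noisy /24 (too late for 443)
]


def matching_rules(rules, src_ip, protocol, port):
    """All rules that match the packet, in evaluation (rule-number) order."""
    ip = ipaddress.ip_address(src_ip)
    hits = []
    for number, proto, (lo, hi), cidr, action in sorted(rules, key=lambda r: r[0]):
        if proto not in ("-1", protocol):
            continue
        if not lo <= port <= hi:
            continue
        if ip not in ipaddress.ip_network(cidr, strict=False):
            continue
        hits.append((number, action))
    return hits


def evaluate_nacl(rules, src_ip, protocol, port):
    """First matching rule wins. Returns (action, rule number); '*' stands for
    the implicit default-deny rule at the end of every network ACL."""
    hits = matching_rules(rules, src_ip, protocol, port)
    if hits:
        number, action = hits[0]
        return action, number
    return "deny", "*"


def shadowed_denies(rules, probes):
    """For each probe packet, report deny rules that matched but were
    pre-empted by a lower-numbered allow. A deny placed after a broader
    allow never takes effect for the traffic the allow covers."""
    report = []
    for src_ip, protocol, port in probes:
        hits = matching_rules(rules, src_ip, protocol, port)
        if hits and hits[0][1] == "allow":
            for number, action in hits[1:]:
                if action == "deny":
                    report.append(((src_ip, protocol, port), number, hits[0][0]))
    return report


PROBES = [  # constructed packets (source IP, protocol, destination port)
    ("192.0.2.7", "tcp", 443),
    ("192.0.2.7", "tcp", 80),
    ("203.0.113.5", "tcp", 22),
    ("10.1.2.3", "tcp", 22),
]

if __name__ == "__main__":
    for src, proto, port in PROBES:
        print(src, proto, port, "->", evaluate_nacl(INBOUND_RULES, src, proto, port))
    print("shadowed denies:", shadowed_denies(INBOUND_RULES, PROBES))
```

Run as a script it shows that 192.0.2.7 is still allowed on port 443 despite rule 130, because rule 100 matched first; the fix is to renumber the deny below 100. The ephemeral-port allow at 120 is the other thing to notice: because network ACLs are stateless, a subnet that initiates outbound connections needs an inbound rule for the return traffic, and that rule is also broad enough to shadow any later deny for those ports.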
Additional Information
- S3 ACLs contain grants only; they have no deny entries and cannot block anything. For a request from the bucket owner's own account, S3 allows it if an IAM policy, the bucket policy or an ACL grants it; a cross-account request additionally needs an allow on both sides (the requester's IAM policy and either the bucket policy or an ACL). In every case an explicit Deny in an IAM policy or bucket policy overrides any ACL grant, so a policy can revoke what an ACL gives but not the other way round. Network ACLs are a separate mechanism with their own allow and deny rules and are not part of IAM evaluation at all.
- AWS provides both bucket ACLs and object ACLs. A bucket ACL governs operations on the bucket itself (listing, writing objects, reading or changing the bucket ACL) and does not propagate to the objects inside it; each object has its own ACL. Historically an object uploaded by another account was owned by the uploader, so the bucket owner could not read it or change its ACL unless the uploader granted that; S3 Object Ownership ("bucket owner preferred" or "bucket owner enforced") removes this problem, and with "bucket owner enforced" all ACLs are ignored and only policies apply.
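The grantee and permission structure described under Description, and the "grants only, explicit policy Deny wins" evaluation rule from the notes above, in working code. This is an added example, not code from the original page or from AWS. The ACL dictionary follows the shape that boto3's get_bucket_acl() and get_object_acl() return, but it is constructed sample data; the `policy_effects` argument is a stand-in for the Allow/Deny effects of whichever IAM and bucket policy statements match a request (it does not model the two-sided cross-account requirement), and the canonical user IDs are made up.

```python
"""Audit an S3 ACL for risky grants and apply S3's ACL evaluation rule.

Added example, not code from the page. SAMPLE_ACL, the canonical IDs and
the policy_effects passed to is_allowed() are constructed; the dict shape
matches what boto3's get_bucket_acl()/get_object_acl() return.
"""

# Predefined S3 groups that an ACL grant may name as its grantee.
ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
AUTHENTICATED_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"
LOG_DELIVERY = "http://acs.amazonaws.com/groups/s3/LogDelivery"

# The five permissions an S3 ACL grant can carry. FULL_CONTROL implies the rest.
ACL_PERMISSIONS = {"READ", "WRITE", "READ_ACP", "WRITE_ACP", "FULL_CONTROL"}
WRITE_LIKE = {"WRITE", "WRITE_ACP", "FULL_CONTROL"}

OWNER_ID = "a1b2c3" * 10 + "a1b2"    # constructed 64-hex canonical user ID
PARTNER_ID = "d4e5f6" * 10 + "d4e5"  # constructed second account

SAMPLE_ACL = {  # constructed: owner, a cross-account READ, and a public READ
    "Owner": {"DisplayName": "owner-account", "ID": OWNER_ID},
    "Grants": [
        {"Grantee": {"Type": "CanonicalUser", "ID": OWNER_ID,
                     "DisplayName": "owner-account"},
         "Permission": "FULL_CONTROL"},
        {"Grantee": {"Type": "CanonicalUser", "ID": PARTNER_ID,
                     "DisplayName": "partner-account"},
         "Permission": "READ"},
        {"Grantee": {"Type": "Group", "URI": ALL_USERS},
         "Permission": "READ"},
    ],
}


def audit_acl(acl):
    """Return (severity, message) findings: public grants, cross-account
    grants, and anything that is not a valid ACL permission."""
    findings = []
    owner_id = acl["Owner"]["ID"]
    for grant in acl["Grants"]:
        grantee, perm = grant["Grantee"], grant["Permission"]
        if perm not in ACL_PERMISSIONS:
            findings.append(("error", f"unknown permission {perm!r}"))
        elif grantee["Type"] == "Group":
            uri = grantee["URI"]
            if uri in (ALL_USERS, AUTHENTICATED_USERS):
                who = "anyone" if uri == ALL_USERS else "any AWS account"
                sev = "critical" if perm in WRITE_LIKE else "high"
                findings.append((sev, f"{perm} granted to {who}"))
            elif uri != LOG_DELIVERY:
                findings.append(("warn", f"{perm} granted to unknown group {uri}"))
        elif grantee["Type"] == "CanonicalUser" and grantee["ID"] != owner_id:
            name = grantee.get("DisplayName", grantee["ID"])
            findings.append(("info", f"{perm} granted to external account {name}"))
    return findings


def acl_grants(acl, canonical_id, permission):
    """True if some ACL entry grants `permission` to the caller identified by
    `canonical_id` (None = anonymous). An ACL can only grant, never deny."""
    for grant in acl["Grants"]:
        g, perm = grant["Grantee"], grant["Permission"]
        if perm not in (permission, "FULL_CONTROL"):
            continue
        if g["Type"] == "Group":
            if g["URI"] == ALL_USERS:
                return True
            if g["URI"] == AUTHENTICATED_USERS and canonical_id is not None:
                return True
        elif g["Type"] == "CanonicalUser" and g["ID"] == canonical_id:
            return True
    return False


def is_allowed(acl, canonical_id, permission, policy_effects=(), acls_enabled=True):
    """Combine the ACL with the effects of the matching IAM/bucket policy
    statements (constructed stand-in: a list of "Allow"/"Deny"). An explicit
    Deny always wins; otherwise any Allow, or any ACL grant while ACLs are
    enabled, is enough. With Object Ownership set to bucket owner enforced,
    ACLs are ignored entirely."""
    if "Deny" in policy_effects:
        return False
    if "Allow" in policy_effects:
        return True
    return acls_enabled and acl_grants(acl, canonical_id, permission)


if __name__ == "__main__":
    for severity, message in audit_acl(SAMPLE_ACL):
        print(f"[{severity}] {message}")
    print("anonymous READ:", is_allowed(SAMPLE_ACL, None, "READ"))
    print("anonymous READ with ACLs disabled:",
          is_allowed(SAMPLE_ACL, None, "READ", acls_enabled=False))
```

Against SAMPLE_ACL the audit reports the partner-account grant as informational and the AllUsers READ as high severity; the same public READ would become critical if it were WRITE or WRITE_ACP, since either lets an outsider replace content or rewrite the ACL itself. The evaluation function shows the asymmetry the notes describe: a policy Deny switches off the partner's READ, but nothing in the ACL can switch off a policy Allow.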