If an ACL, roles, and a bucket policy are used at the same time and their authorization conflicts, the authorization priorities come as the bucket policy, roles, and the ACL.

If a bucket policy and an IAM policy are applied to an account together, an explicit deny overrides allows, and an allow overrides default denies.

Cross-tenant authorized access cannot be implemented for SSE-KMS-encrypted objects using the bucket ACL or policy.

last updated: 2024-09-09 10:59 UTC - commit: d158bb08a6e3e0b54b12c9f1b034e5889067f7ae

Contact
Data privacy
Disclaimer of liabilitys
Imprint