Sharing #

For auditing purposes, you need to grant another account read access to the bucket named “my-secret-bucket” as well as all the files it contains.

At first, you need the account’s ID you want to grant read access to your bucket. This account ID is a string of alphanumeric characters and not the access key or secret access key. For example, similar to the one we’ll use in the example below: 1y283839303033x.

Policy #

In order to grant that account read access, the following policy must be used. Take a look at the Action and Effect contained in the policy as they have an impact on what the other account can do.


Multiple Users #

In order to grant access to multiple users, the Principal in the policy has to be adjusted like so:

  "Principal": {
    "CanonicalUser":["first-id", "second-id"]