Amazon S3 Inventory ACL support is now available in the AWS GovCloud (US) Regions

Amazon S3 Inventory’s capability to include access control lists (ACLs) as object metadata in inventory reports is now available in AWS GovCloud (US) Regions. This lets you review the ACLs on all of your objects, which simplifies auditing access permissions. ACLs were the original way to manage object access when S3 launched in 2006. Now, when migrating to IAM-based bucket policies for access control, you can easily review all of the object ACLs in your buckets before enabling S3 Object Ownership.

S3 Inventory provides a complete list of objects in a bucket and their corresponding metadata. The Object ACL fields include details about the object owner and each grantee, along with the permission granted. You can now activate reporting on object ACLs by editing existing S3 Inventory configurations in the AWS Management Console or through the API.

By enabling S3 Object Ownership, you can change how S3 performs access control for a bucket so that only IAM policies are used. S3 Object Ownership’s ‘Bucket owner enforced’ setting disables ACLs for your bucket and the objects in it, and updates every object so that each object is owned by the bucket owner. We recommend that you carefully review your use of ACLs with inventory reports, migrate to IAM-based bucket policies, and then disable ACLs with S3 Object Ownership. For more information, see Controlling ownership of objects and disabling ACLs for your bucket.
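The review step recommended above can be scripted; the following is an added example, not AWS code, that lists every ACL grant held by someone other than the bucket owner, since those are the grants a bucket policy must replace before ACLs are disabled. It assumes a CSV report whose columns are `Bucket`, `Key`, `ObjectAccessControlList`, with the ACL cell holding base64-encoded JSON with `status` and `grants` fields; the canonical IDs, bucket name and rows are constructed.

```python
import base64
import csv
import io
import json

# Assumed column order; a real report lists its columns in manifest.json.
SCHEMA = ["Bucket", "Key", "ObjectAccessControlList"]
ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
BUCKET_OWNER = "owner-canonical-id-constructed"   # constructed value
PARTNER = "partner-canonical-id-constructed"      # constructed value

def grants_beyond_owner(csv_text, bucket_owner, schema=SCHEMA):
    """Return (key, grantee, permission) for every grant not held by the bucket owner."""
    findings = []
    for row in csv.reader(io.StringIO(csv_text)):
        rec = dict(zip(schema, row))
        acl = json.loads(base64.b64decode(rec["ObjectAccessControlList"]))
        if acl.get("status") != "AVAILABLE":
            # The report carried no ACL for this object: queue it for manual review.
            findings.append((rec["Key"], "ACL_UNAVAILABLE", None))
            continue
        for grant in acl.get("grants", []):
            # Group grantees are identified by URI, accounts by canonical ID.
            grantee = grant.get("uri") or grant.get("canonicalId")
            if grantee != bucket_owner:
                findings.append((rec["Key"], grantee, grant.get("permission")))
    return findings

def encode_acl(grants, status="AVAILABLE"):
    """Build a constructed ACL cell in the assumed layout (base64 of JSON)."""
    doc = {"version": "2022-11-10", "status": status, "grants": grants}
    return base64.b64encode(json.dumps(doc).encode()).decode()

def user(cid, perm):
    return {"canonicalId": cid, "type": "CanonicalUser", "permission": perm}

# Constructed sample rows, not taken from a real report.
SAMPLE_CSV = "\n".join(",".join(r) for r in [
    ("example-bucket", "private.txt", encode_acl([user(BUCKET_OWNER, "FULL_CONTROL")])),
    ("example-bucket", "public.png", encode_acl([
        user(BUCKET_OWNER, "FULL_CONTROL"),
        {"uri": ALL_USERS, "type": "Group", "permission": "READ"}])),
    ("example-bucket", "partner.csv", encode_acl([user(PARTNER, "FULL_CONTROL")])),
    ("example-bucket", "unknown.bin", encode_acl([], status="UNAVAILABLE")),
])

if __name__ == "__main__":
    print(*grants_beyond_owner(SAMPLE_CSV, BUCKET_OWNER), sep="\n")
```

An empty result for a bucket means no object relies on an ACL grant to another principal; any row returned is access that would be lost when the ‘Bucket owner enforced’ setting is applied unless a policy grants it.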

Amazon S3 Inventory support for object ACLs is generally available at no additional charge in all AWS Commercial and AWS GovCloud (US) Regions where Amazon S3 Inventory is available. To learn more, please visit Amazon S3 Inventory and Amazon S3 pricing.

Source: Amazon AWS