Issue link: https://read.uberflip.com/i/1191854
Amazon Web Services Navigating GDPR Compliance on AWS 10 Access to AWS Objects Resources To implement granular access to your AWS objects, you can grant different levels of permissions to different people for different resources. For example, you can allow only some users complete access to Amazon Elastic Compute Cloud (Amazon EC2), Amazon Simple Storage Service (Amazon S3), Amazon DynamoDB, Amazon Redshift, and other AWS services. For other users, you can allow read-only access to only some Amazon S3 buckets, permission to administer only some Amazon EC2 instances, or to access only your billing information. The following policy is an example of one method you can use to allow all actions on a specific Amazon S3 bucket and explicitly deny access to every AWS service that is not Amazon S3. Figure 2 – Limit management to a specific Amazon S3 bucket You can attach a policy to a user account or to a role. For other examples of IAM policies, see Example IAM Identity-Based Policies.