Amazon S3 Access Grants

S3 Access Grants build on top of AWS Identity Center’s Trusted Identity Propagation capability and allow S3 to authenticate and authorize directly against directory users and groups. By integrating with AWS Identity Center, S3 Access Grants support a wide range of popular identity providers such as Entra ID, Okta, Ping, OneLogin, and more.

With enhanced integrations with CloudTrail, end-user access to S3 via S3 Access Grants is auditable in CloudTrail down to the directory user identity.

You can use S3 Access Grants to scale your S3 permissions to enforce granular S3 permissions. With S3 Access Grants, you can define S3 access in an intuitive grant style up to 100,000 grants per Region per account, only giving users and applications the S3 data they need.

You might have a data lake stack that includes S3 along with other popular analytics products like Amazon Redshift, Databricks, and Snowflake. S3 Access Grants integrate with Immuta and Informatica so you can centrally manage your S3 permissions.

Immuta helps organizations unlock value from their data by providing an integrated platform for sensitive data discovery, access control enforcement, and access behavior analysis and remediations.

“The Immuta Data Security Platform allows our customers to simplify, centralize, and enforce access control policies across cloud data platforms. With the new S3 Access Grants capability built in, Immuta customers can now define S3 permissions and leverage Immuta’s ‘write once, apply everywhere’ approach with attribute-based access control (ABAC), drastically reducing the number of policies required. With this approach, you can democratize and increase data usage while meeting global compliance standards.”

Mo Plassnig, Chief Product Officer - Immuta

AWS Storage Blog: How to enforce Amazon S3 Access Grants with Immuta »

Informatica Intelligent Data Management Cloud, built on AWS is an AI powered end-to-end data management platform that connects, manages, and unifies data across any multi-cloud hybrid system, democratizing data and enabling AWS customers to modernize and redefine their data and AI strategies and experiences.

“The integration between Informatica's Data Access Management and Cloud Data Marketplace capabilities, together with Amazon S3 Access Grants, will further simplify self-service access to data in data lakes built on Amazon S3. It will enable different personas within an enterprise data community to easily share and deliver data products with Informatica’s marketplace into Amazon S3, with centrally managed security and privacy controls in place, and in accordance with modern data governance principles.”

Brett Roscoe, SVP, Product Development - Informatica

AWS Storage Blog: Streamline data sharing and access control with Informatica Cloud Data Marketplace and Amazon S3 Access Grants »

Booking.com is one of the world’s leading online travel platforms, connecting travelers with the widest selection of places to stay, experiences and attractions as well as a range of transportation options from flights, car rentals and taxis.

“We are on a journey to migrate Booking.com’s multi-petabyte on-prem analytics and machine learning ecosystem to a set of cloud native products and services built on top of AWS. With Amazon S3 Access Grants, we aim to enforce strong governance over the entirety of our data lake for both structured and unstructured data, irrespective of the technology the data consumers of the platform choose to access and modify the data on S3. The APIs and data model of S3 Access Grants make it easy to build automation to manage S3 access at scale, while hiding a lot of the complexity for end-users, who simply receive a standard STS token to access and modify only the data they need.”

Luca Falsina, Principal Software Engineer I, and Abhro Bhaduri, Senior Product Manager, Data and Machine Learning Platform - Booking.com