A private bucket means that you need to explicitly give access to the bucket and objects for the users or roles. After giving the access, users or roles can use the S3 APIs, like GetObject, to access them with their own credentials, even cross-account. Note that you can leverage Amazon Cognito to give access to external users, as they will have a role attached after login. These accesses can be for the whole bucket or for specific objects. See bucket policies and user policies.
If your end user doesn't have an AWS credential, you can create a pre-signed URL to give temporary access to the object.
Amazon Cognito identity pools provide temporary AWS credentials for users who are guests (unauthenticated) and for users who have been authenticated and received a token. You can implement this for accessing specific objects within S3 and based on attributes. https://docs.aws.amazon.com/cognito/latest/developerguide/identity-pools.html