S3 bucket owner

0

How can I find what user created an S3 bucket via mgmt console? If I select the bucket under Permissions all I see is Owner aws-acc-001. Thanks.

Edited by: bflone on Oct 25, 2019 8:27 AM

bflone
asked 5 years ago4133 views
2 Answers
0

Hi

The owner of a bucket or an object in a bucket is not an individual IAM user, but rather the AWS account to which that user belongs.

Refer to the link below:
https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-overview.html

About the Resource Owner

By default, all Amazon S3 resources are private. Only a resource owner can access the resource. The resource owner refers to the AWS account that creates the resource. For example:

  1. The AWS account that you use to create buckets and objects owns those resources.

  2. If you create an AWS Identity and Access Management (IAM) user in your AWS account, your AWS account is the parent owner. If the IAM user uploads an object, the parent account, to which the user belongs, owns the object.

  3. A bucket owner can grant cross-account permissions to another AWS account (or users in another account) to upload objects. In this case, the AWS account that uploads objects owns those objects. The bucket owner does not have permissions on the objects that other accounts own, with the following exceptions:

  4. The bucket owner pays the bills. The bucket owner can deny access to any objects, or delete any objects in the bucket, regardless of who owns them.

5.The bucket owner can archive any objects or restore archived objects regardless of who owns them. Archival refers to the storage class used to store the objects. For more information, see Object Life cycle Management.

If you particularly wish to track additional information against a bucket, you could add a Tag against the bucket to track this sort of information. However, this will not happen automatically you would be responsible for populating the Tag.

To determine who created a particular resource you would use Amazon Cloudtrail. It collects information about every API call including the user, IP address, timestamp and parameters passed.

Regards
Curt08

Curt08
answered 5 years ago
0

Thank you!

bflone
answered 5 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions