Amazon S3 now supports attribute-based access control
Amazon S3 supports attribute-based access control (ABAC) for S3 general purpose buckets. In addition to using tags on your S3 buckets for cost allocation, you can now use them for ABAC to automatically manage permissions to your data. This helps eliminate frequent AWS Identity and Access Management (IAM) or bucket policy updates as your organization grows, simplifying how you govern access at scale.
With ABAC support, Amazon S3 automatically evaluates tag-based conditions in your policies before granting access to your data. For example, create an IAM policy that references tags on your buckets, then grant users and roles access simply by adding or modifying tags on new or existing buckets. To get started, enable ABAC on your bucket using the S3 PutBucketAbac API and manage tags through the S3 TagResource and UntagResource APIs. You can also require that users add specific tags at the time of bucket creation to set consistent tagging standards across your organization.
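The following identity policy is an added illustration of the pattern described above, not a policy taken from this announcement or from AWS documentation. It grants object access only where a bucket's `project` tag equals the caller's own `project` principal tag, and denies changes to that tag so that tagging rights cannot be used to widen access. Assumptions: the tag key `project` is hypothetical, the IAM action names `s3:TagResource` and `s3:UntagResource` are assumed to mirror the API names given above, and the global condition keys `aws:ResourceTag`, `aws:PrincipalTag` and `aws:TagKeys` are assumed to be evaluated against bucket tags once ABAC is enabled on the bucket.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowAccessWhenBucketProjectTagMatchesCaller",
      "Effect": "Allow",
      "Action": [
        "s3:GetObject",
        "s3:PutObject",
        "s3:ListBucket"
      ],
      "Resource": "*",
      "Condition": {
        "StringEquals": {
          "aws:ResourceTag/project": "${aws:PrincipalTag/project}"
        }
      }
    },
    {
      "Sid": "DenyChangingTheTagThatGrantsAccess",
      "Effect": "Deny",
      "Action": [
        "s3:TagResource",
        "s3:UntagResource"
      ],
      "Resource": "*",
      "Condition": {
        "ForAnyValue:StringEquals": {
          "aws:TagKeys": ["project"]
        }
      }
    }
  ]
}
```

With tags acting as the authorization attribute, permission to set or remove the `project` tag is equivalent to permission to grant access, so it belongs with a small set of administrative roles rather than with data users.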
ABAC support for S3 general purpose buckets is available in all AWS Regions at no additional cost via the AWS Management Console, S3 REST API, AWS CLI, AWS SDK, and AWS CloudFormation. To learn more about using tags for access control in S3 general purpose buckets, read our [blog](https://aws.amazon.com/blogs/aws/introducing-attribute-based-access-control-for-amazon-s3-general-purpose-buckets/), or visit the [S3 User Guide](https://docs.aws.amazon.com/AmazonS3/latest/userguide/buckets-tagging-enable-abac.html).