Cross-account S3 permissions

Feb 20, 2018 · Mountain View, United States of America


6:00 PM - Refreshments and networking.
6:30 PM - Introductions and announcements
6:40 PM - Cross-account S3 permissions

7:30 PM - Conclude presentation. Network till you drop.
8:00 PM - Vacate the premises

Feature Presentations

1. Cross-account S3 permissions using Bucket Snake


Bucket Snake aims to alleviate the difficulty of cross-account S3 permissions by provisioning the IAM access that an application needs to reach an S3 bucket.

Cross-account S3 access is challenging due to the permission model of S3. S3 has the concept of an "object owner" and a "bucket owner". When these are the same, S3 access is straightforward -- but when they are different, then access becomes challenging as you need to place ACLs on each and every object to permit new AWS accounts access. This becomes hard to scale. To resolve this, Bucket Snake will create app-specific IAM roles in the accounts that S3 buckets reside in. It permits the application AssumeRole access to those roles. The application then assumes those roles to perform the S3 access. This permanently resolves cross-account issues, as it enforces the same ownership for buckets and objects.

Bucket Snake consists of a Lambda function that creates all the roles, and a client that is aware of the role-assumption requirements.
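The role layout described above can be sketched as follows. This is an added example, not Bucket Snake's own code: the function names, the `<app>-s3-access` role naming scheme, the `read`/`write` access levels, and all account IDs and bucket names are assumptions made for illustration. It plans one app-specific role per bucket-owning account, a trust policy that lets only the application's role assume it, and the `sts:AssumeRole` policy for the application's home account.

```python
import json
from collections import defaultdict

# Access levels are an assumption of this example; the S3 action names are real.
# Each level maps to (bucket-level actions, object-level actions).
LEVELS = {"read": (["s3:ListBucket"], ["s3:GetObject"]), "write": ([], ["s3:PutObject"])}

def policy(statements):
    return {"Version": "2012-10-17", "Statement": statements}

def plan_roles(app_name, app_role_arn, grants):
    """Plan one role per bucket-owning account for one application.

    grants: iterable of (bucket_account_id, bucket_name, access_level).
    """
    by_account = defaultdict(list)
    for account_id, bucket, level in grants:
        if level not in LEVELS:
            raise ValueError(f"unknown access level {level!r} for {bucket}")
        by_account[account_id].append((bucket, level))

    roles = {}
    for account_id, items in sorted(by_account.items()):
        # Hypothetical naming scheme: <app>-s3-access in each bucket account.
        role_arn = f"arn:aws:iam::{account_id}:role/{app_name}-s3-access"
        statements = []
        for bucket, level in sorted(items):
            bucket_actions, object_actions = LEVELS[level]
            if bucket_actions:
                statements.append({"Effect": "Allow", "Action": bucket_actions,
                                   "Resource": f"arn:aws:s3:::{bucket}"})
            statements.append({"Effect": "Allow", "Action": object_actions,
                               "Resource": f"arn:aws:s3:::{bucket}/*"})
        roles[role_arn] = {
            # Only the application's own role may assume this role.
            "trust": policy([{"Effect": "Allow", "Action": "sts:AssumeRole",
                              "Principal": {"AWS": app_role_arn}}]),
            "permissions": policy(statements),
        }
    # Attached to the application's role in its home account.
    source = policy([{"Effect": "Allow", "Action": "sts:AssumeRole",
                      "Resource": sorted(roles)}])
    return {"destination_roles": roles, "source_policy": source}

if __name__ == "__main__":
    # Constructed sample: account IDs, bucket names and role names are made up.
    grants = [("222222222222", "logs", "read"), ("222222222222", "uploads", "write"),
              ("333333333333", "archive", "read")]
    app_role = "arn:aws:iam::111111111111:role/billing"
    print(json.dumps(plan_roles("billing", app_role, grants), indent=2))
```

Because every object is written through a role that lives in the bucket's own account, the bucket owner and the object owner stay the same and no per-object ACLs are needed.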


Mike Grima is a Senior Cloud Security Engineer at Netflix. He works on the Security Tools and Operations Team and develops solutions for implementing security on Netflix's very large AWS infrastructure.

Presence Sponsor: AWS

Food and Space Sponsor: Intuit

Intuit is hiring. Intuit is a great place to work.

Want to be a speaker?

We are always looking for new speakers and new topics. Do you want to present a topic at one of our meetups? Sign up as a speaker!

Want to be a Sponsor?

Interested in promoting your company and brand? Sponsor our meetup. It's quick, easy, and profitable!

Event organizers
  • Amazon Web Services - Bay Area

    Amazon Web Services Meetup - Bay Area The purpose of this group is to help members improve their knowledge of AWS. Everyone is encouraged to participate in discussions, suggest, sponsor, promote and attend meetups. You should join if you are already using AWS or if you are planning to use AWS. There is always something you can contribute and something you can learn. Tweet? #awsba That said, we are also gung ho about Docker and serverless everything.
