All news with #amazon s3 tag

Amazon S3 Adds Attribute-Based Access Control (ABAC)

🏷️ Amazon S3 now supports attribute-based access control (ABAC) for general purpose buckets, allowing organizations to use bucket tags to automatically manage permissions. Instead of constantly editing IAM or bucket policies, administrators can create policies that reference bucket tags and grant access by adding or modifying tags. Enable ABAC with the S3 PutBucketAbac API and manage tags via TagResource/UntagResource; you can also require tags at bucket creation to enforce standards. The feature is available in all AWS Regions at no additional cost via the Console, REST API, CLI, SDK, and CloudFormation.

Amazon S3 Express One Zone Adds IPv6 for VPC Endpoints

🌐 Amazon now supports Internet Protocol version 6 (IPv6) addresses for S3 Express One Zone gateway VPC endpoints, enabling access over IPv6 or DualStack without additional translation infrastructure. This applies in all Regions where the storage class exists at no extra cost. You can enable IPv6 for new or existing endpoints via Console, CLI, SDK, or CloudFormation. See the S3 User Guide to get started.

AWS adds IPv6 for S3 Gateway and Interface VPC Endpoints

🌐 Amazon Web Services now supports IPv6 addresses for AWS PrivateLink Gateway and Interface VPC endpoints for Amazon S3. To enable IPv6 connectivity on new or existing S3 endpoints, set the IP address type to IPv6 or Dualstack; S3 will update route tables for gateway endpoints and provision ENIs with IPv6 for interface endpoints. IPv6 for S3 VPC endpoints is available in all AWS Commercial Regions and AWS GovCloud (US) Regions at no additional cost, and can be configured via the Console, CLI, SDK, or CloudFormation.

Amazon S3 Adds Tagging for S3 Tables (ABAC & Cost)

🔖Amazon S3 now supports tags on S3 Tables to enable attribute-based access control (ABAC) and cost allocation. Tags can be applied to table buckets and individual tables, letting you manage permissions for users and roles without frequent IAM or resource-policy updates. Tagging is available in all Regions where S3 Tables is offered and can be used via the Console, SDK, API, or CLI. Use tags to simplify governance and track costs.

Amazon S3 Access Grants Expand to Thailand and Mexico

🔒 Amazon S3 Access Grants are now available in the AWS Asia Pacific (Thailand) and AWS Mexico (Central) Regions. The feature maps corporate identities—such as Microsoft Entra ID or AWS IAM principals—to S3 datasets, enabling administrators to automate and scale dataset access. This reduces manual policy overhead and helps ensure consistent, auditable permissions. Check the AWS Region Table and product page for regional availability and details.

Amazon S3 Adds Conditional Copy Support for Writes

🔐 Amazon S3 now supports conditional copy operations via the CopyObject API, enabling verification of an object's existence or content in the destination bucket before copying. You can supply the HTTP If-None-Match header to ensure the destination object does not exist, or If-Match with an ETag to validate content prior to copy. Administrators can enforce these checks using s3:if-match and s3:if-none-match bucket policy condition keys. This capability is available at no additional charge in all AWS Regions and removes the need for additional client-side coordination or pre-copy validation calls.

Amazon RDS for SQL Server: KMS Encryption for Native Backups

🔐 Amazon RDS for SQL Server now supports encrypting native backup files (.bak) stored in Amazon S3 using server-side encryption with AWS KMS keys (SSE-KMS). By default, native backups remain encrypted with Amazon S3-managed keys (SSE-S3), and customers can opt to apply their own KMS key for additional protection and key control. To enable the feature, update the KMS key policy to grant the RDS backup service access and specify the parameter @enable_bucket_default_encryption in the native backup stored procedure. This capability is available in all AWS Regions where Amazon RDS for SQL Server is offered.

Amazon S3 Metadata Expands to Frankfurt, Ireland, Tokyo

🆕 Amazon has expanded S3 Metadata to three additional AWS Regions — Europe (Frankfurt), Europe (Ireland), and Asia Pacific (Tokyo). The service provides automated, near-real-time, queryable metadata for S3 objects, covering system-defined attributes (size, source, timestamps) and custom metadata via tags. Metadata is automatically populated for both new and existing objects, enabling faster discovery, curation, and use for analytics and real-time inference. With this release, S3 Metadata is generally available in six AWS Regions.

Amazon S3 Adds Conditional Deletes for General Buckets

🔒 Amazon S3 now supports conditional deletes in S3 general purpose buckets. You can include an HTTP If-Match header with an object's ETag when calling DeleteObject or DeleteObjects; S3 will only delete the object if the provided ETag matches, reducing accidental removals in high-concurrency, multi-writer environments. Administrators can also enforce conditional deletes using the s3:if-match bucket policy condition. The capability is available at no additional cost in all AWS Regions and accessible via the API, SDKs, and CLI.

AWS Backup adds option to exclude ACLs and ObjectTags

🔒 AWS Backup now lets you choose whether to include Access Control Lists (ACLs) and ObjectTags when backing up Amazon S3 buckets. Previously, these metadata elements were included for all objects by default; the new option lets administrators include only the metadata required for their recovery or compliance needs. This capability is available in all Regions where AWS Backup for Amazon S3 is offered; review pricing and regional availability on the AWS Backup pricing page.