Controlling access to metadata tables

To control access to your Amazon S3 metadata tables, you can use Amazon Identity and Access Management (IAM) resource-based policies that are attached to your table bucket and to your metadata table. In other words, you can control access to your metadata tables at both the table bucket level and the table level.

For more information about controlling access to your table buckets and tables, see Access management for S3 Tables.

Important

Make sure that you don't restrict Amazon S3 from writing to your table bucket or your metadata table. If Amazon S3 is unable to write to your table bucket or your metadata table, you must create a new metadata table by deleting your metadata table configuration and then creating a new configuration.
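One way to check a table bucket or table policy for this failure mode before attaching it. This is an added example, not code from the AWS documentation; the service principal name, the two write actions, and the sample policy with its account ID and names are assumptions or constructed values.

```python
import fnmatch

# Assumptions (not from the page): the service principal and write actions below.
# Confirm both against the S3 Metadata permissions documentation for your partition.
S3_SERVICE_PRINCIPAL = "metadata.s3.amazonaws.com"
WRITE_ACTIONS = ("s3tables:PutTableData", "s3tables:UpdateTableMetadataLocation")

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _principal_hit(stmt, service):  # does the principal element cover the service?
    if "NotPrincipal" in stmt:  # applies to everyone except the listed principals
        np = stmt["NotPrincipal"]
        return service not in (_as_list(np.get("Service", [])) if isinstance(np, dict) else [])
    p = stmt.get("Principal")
    if isinstance(p, dict):  # {"AWS": "*"} is treated as covering the service (conservative)
        return "*" in _as_list(p.get("AWS", [])) or service in _as_list(p.get("Service", []))
    return p == "*"

def _action_hit(stmt, action):  # IAM matching: case-insensitive, * and ? wildcards
    key = "NotAction" if "NotAction" in stmt else "Action"
    matched = any(fnmatch.fnmatchcase(action.lower(), pat.lower()) for pat in _as_list(stmt.get(key, [])))
    return matched != (key == "NotAction")

def find_write_blockers(policy, service=S3_SERVICE_PRINCIPAL, actions=WRITE_ACTIONS):
    """Return (sid, verdict, actions) per Deny statement that can stop S3 writes.
    Resource is not evaluated, so a hit means 'inspect this statement'."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Deny" or not _principal_hit(stmt, service):
            continue
        hit = [a for a in actions if _action_hit(stmt, a)]
        if hit:  # a Condition may exempt the service, so it needs a human look
            findings.append((stmt.get("Sid", f"#{i}"), "review" if "Condition" in stmt else "blocks", hit))
    return findings

# Constructed sample table bucket policy (placeholder account ID and names).
BUCKET = "arn:aws-cn:s3tables:cn-north-1:111122223333:bucket/example-table-bucket"
SAMPLE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "DenyAllPuts", "Effect": "Deny", "Principal": "*", "Action": "s3tables:Put*", "Resource": BUCKET + "/*"},
    {"Sid": "DenyNonTls", "Effect": "Deny", "Principal": {"AWS": "*"}, "Action": "s3tables:*",
     "Resource": BUCKET + "/*", "Condition": {"Bool": {"aws:SecureTransport": "false"}}},
    {"Sid": "DenyAnalystDelete", "Effect": "Deny",
     "Principal": {"AWS": "arn:aws-cn:iam::111122223333:role/analyst"},
     "Action": "s3tables:DeleteTable", "Resource": BUCKET + "/*"}]}

if __name__ == "__main__":
    print(find_write_blockers(SAMPLE_POLICY))
```

A `blocks` verdict is an unconditional Deny that covers the service principal; `review` means a Condition decides whether the service is exempt.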

You can also control access to the rows and columns in your metadata table through Amazon Lake Formation. For more information, see Managing Lake Formation permissions and Data filtering and cell-level security in Lake Formation in the Amazon Lake Formation Developer Guide.