
Amazon S3 Inventory now includes object ACL metadata, enabling customers to audit and migrate access permissions from ACLs to IAM policies and bucket policies more cost-effectively.


<div><p>This article explains how to use Amazon S3 Inventory reports to audit and disable Access Control Lists (ACLs) by migrating to IAM policies and bucket policies.</p><ul><li>S3 Inventory reports now include object ACL metadata in JSON format</li><li>ACLs displayed with owner, grantee, and permission information</li><li>Use Athena to query inventory and identify objects with specific ACL permissions</li><li>Migrate cross-account ACL access using IAM roles and S3 bucket policies</li><li>Disable ACLs after validating all permissions work via policies</li><li>Cost-effective alternative to API calls for auditing ACL usage at scale</li></ul><p>This enables customers to audit existing ACLs, migrate permissions to policies, and disable ACLs safely without disrupting applications.</p></div>


Related articles