Bucket policy grants permissions to any user at an IP address or range to perform operations on objects in the affected bucket.

Details

The bucket policy grants permissions to any user at an IP address or range to perform operations on objects in the affected bucket. When granting permissions, you decide who is getting them, which Amazon S3 resources they are getting permissions for, and specific actions you want to allow on those resources. Buckets and objects are primary Amazon S3 resources and, by default, all Amazon S3 resources are private. A bucket owner can then grant permissions to their S3 resources.

There are a number of ways to grant permissions, including bucket policies, IAM roles, and ACLs. Currently, the affected bucket policy grants permissions to any user at an IP address or range to perform operations on objects in the affected bucket. Because access depends on the caller's network location rather than on an identity, this doesn’t allow for deterministic control at a user level of who can access or change your S3 bucket.
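The policy shape described above can be checked for mechanically. The following is an added example, not part of the original finding or of any scanner's own code: it reports Allow statements with a wildcard principal whose only caller restriction is aws:SourceIp. The function name, the set of identity condition keys, and the sample policy (bucket name, account ID, organization ID, CIDR) are assumptions made for the illustration.

```python
import json

# Identity-scoping condition keys; which keys count is this example's assumption.
IDENTITY_KEYS = {"aws:principalarn", "aws:principalorgid",
                 "aws:principalaccount", "aws:userid"}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _is_wildcard_principal(principal):
    # "Principal": "*" and "Principal": {"AWS": "*"} both mean any caller.
    if principal == "*":
        return True
    return isinstance(principal, dict) and "*" in _as_list(principal.get("AWS", []))

def find_ip_only_grants(policy_json):
    """Return Sids of Allow statements whose only caller restriction is aws:SourceIp."""
    findings = []
    statements = _as_list(json.loads(policy_json).get("Statement", []))
    for index, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow" or not _is_wildcard_principal(stmt.get("Principal")):
            continue
        condition = stmt.get("Condition", {})
        keys = {key.lower() for body in condition.values() for key in body}
        ip_bound = any("ipaddress" in op.lower() and
                       "aws:sourceip" in (k.lower() for k in body)
                       for op, body in condition.items())
        if ip_bound and not keys & IDENTITY_KEYS:
            findings.append(stmt.get("Sid", f"statement[{index}]"))
    return findings

# Constructed sample policy (bucket name, account id, org id and CIDR are placeholders).
SAMPLE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "IPAllow", "Effect": "Allow", "Principal": "*",
     "Action": "s3:*", "Resource": "arn:aws:s3:::examplebucket/*",
     "Condition": {"IpAddress": {"aws:SourceIp": "203.0.113.0/24"}}},
    {"Sid": "RoleFromOffice", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::111122223333:role/app"},
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::examplebucket/*",
     "Condition": {"IpAddress": {"aws:SourceIp": "203.0.113.0/24"}}},
    {"Sid": "OrgFromOffice", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::examplebucket/*",
     "Condition": {"IpAddress": {"aws:SourceIp": "203.0.113.0/24"},
                   "StringEquals": {"aws:PrincipalOrgID": "o-exampleorgid"}}},
]})

if __name__ == "__main__":
    print(find_ip_only_grants(SAMPLE_POLICY))
```

Only the first statement is reported: the second names a specific IAM role as principal, and the third pairs the IP range with an organization-level identity condition.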

Suggested Action

Consider using other methods to grant permission to perform operations on your S3 buckets. You can add a bucket policy to grant other AWS accounts or IAM users permissions for the bucket and the objects in it. You can use AWS Identity and Access Management (IAM) to manage access to your Amazon S3 resources. Using IAM, you can create IAM users, groups, and roles in your account and attach access policies to them granting them access to AWS resources including Amazon S3. You can also consider more creative methods to grant access, such as granting permissions to multiple accounts with added conditions, granting read-only permission to an anonymous user, restricting access to a specific HTTP referrer, granting permission to an Amazon CloudFront origin identity, as well as adding a bucket policy to require MFA authentication.

http://docs.aws.amazon.com/AmazonS3/latest/dev/example-bucket-policies.html
https://blogs.aws.amazon.com/security/post/TxPOJBY6FE360K/IAM-policies-and-Bucket-Policies-and-ACLs-Oh-My-Controlling-Access-to-S3-Resourc

Tags: s3