Replicating ACLs

By default, each object created in a bucket is owned by the root user of the account, known as the resource owner. S3 lets us choose between two different permission models, depending on the actions to be performed. To clarify this, consider the following scenario.

A hosting company owns a storage bucket for its customers and wants to offer a confidential service in which the customer is the only owner of their objects, writing an ACL that denies access to all other users, even root.

  1. Enable public access to the object by modifying its ACL in the origin bucket.
  2. In the Public access group, check the Read object checkbox.
  3. Validate that the ACL was replicated to the destination bucket.
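
The validation step can also be scripted. The following is an added example, not code from the book: it compares the grants of the source object with those of its replica and lists any grant to S3's public groups. The ACL dictionaries follow the shape of a `GetObjectAcl` response, and the sample values are constructed.

```python
# Added example: compares GetObjectAcl-shaped responses offline.
# All sample ACLs below are constructed, not taken from a real bucket.
ALL_USERS_URI = "http://acs.amazonaws.com/groups/global/AllUsers"
AUTH_USERS_URI = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"


def normalize_grants(acl):
    """Reduce an ACL response to a set of (type, grantee, permission) tuples."""
    grants = set()
    for grant in acl.get("Grants", []):
        grantee = grant["Grantee"]
        # Groups are identified by URI, canonical users by ID.
        ident = grantee.get("URI") or grantee.get("ID") or grantee.get("EmailAddress") or ""
        grants.add((grantee["Type"], ident, grant["Permission"]))
    return grants


def compare_acls(source_acl, dest_acl):
    """Return grants missing from, or unexpected in, the destination replica."""
    src, dst = normalize_grants(source_acl), normalize_grants(dest_acl)
    return {"missing": sorted(src - dst), "extra": sorted(dst - src)}


def public_grants(acl):
    """List (group URI, permission) pairs that expose the object publicly."""
    return sorted(
        (ident, perm)
        for gtype, ident, perm in normalize_grants(acl)
        if gtype == "Group" and ident in (ALL_USERS_URI, AUTH_USERS_URI)
    )


OWNER = {"Type": "CanonicalUser", "ID": "constructed-owner-id"}
SOURCE_ACL = {"Grants": [
    {"Grantee": OWNER, "Permission": "FULL_CONTROL"},
    {"Grantee": {"Type": "Group", "URI": ALL_USERS_URI}, "Permission": "READ"},
]}
# Same grants in a different order: must still compare as equal.
REPLICA_OK = {"Grants": list(reversed(SOURCE_ACL["Grants"]))}
# Replica that does not (yet) carry the public READ grant.
REPLICA_STALE = {"Grants": [{"Grantee": OWNER, "Permission": "FULL_CONTROL"}]}

if __name__ == "__main__":
    # With boto3, each dict would come from s3.get_object_acl(Bucket=..., Key=...)
    print("in sync:", compare_acls(SOURCE_ACL, REPLICA_OK))
    print("stale  :", compare_acls(SOURCE_ACL, REPLICA_STALE))
    print("public :", public_grants(SOURCE_ACL))
```

The same `public_grants` check is useful on its own as an audit for objects that were made publicly readable unintentionally.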

Now it is possible to access the object via the DNS name in both regions. It is worth mentioning that every object in S3 is opaque, meaning that extensions and file types are meaningless to the service. S3 is optimized to store vast amounts of data with high availability and amazing durability, so it does not have hierarchical capabilities like a regular file system. Think of S3 as a very large HashMap data structure offered as a service.
