What IAM permissions would make an S3 file publicly accessible?

Question

Is there a way to use an AWS IAM policy to make S3 files public?

I realize that S3 has ACL permissions as well as Bucket Policies. If those are my only options then I am certainly willing to use those options. However, I would prefer to use IAM policies to control permissions if at all possible.

As I understand them, IAM policies affect user, groups, and roles. This being the case, it seems that "anonymous user" (aka the general unauthenticated public) is not an option in IAM policy making.

Is it even possible (or appropriate) to use IAM to make S3 files public?

Answer 1

You have almost answered your own question. IAM can dictate only the users with AWS account. Anonymous users do not fall under its landscape.

For making S3 files publicly accessible, you have to set the permissions on S3 level only.