
AWS: Amazon Quick — document-level access control for S3 knowledge bases with deny-by-default and ALLOW/DENY rules

Editorial illustration: a document base with an ACL layer and user identity verification before access.

Amazon Quick document-level access control is a new enterprise RAG security mechanism published May 15, 2026 by Josh DeMuth. It enables document-level ACLs for S3 knowledge bases within Amazon Quick through two configuration methods: a global ACL file (centralized JSON for stable structures) and document-level metadata files. The system uses deny-by-default and supports ALLOW/DENY rules at user and group level, where DENY always wins.


This article was generated using artificial intelligence from primary sources.

AWS published on May 15, 2026 a detailed implementation of document-level access control for Amazon Quick S3 knowledge bases. The announcement addresses one of the biggest enterprise RAG problems: how to ensure different users receive different knowledge base responses based on their access rights, without splitting the knowledge base into multiple separate indexes.

What is the difference between the global ACL and document-level metadata approach?

AWS offers two configuration methods:

  • Global ACL file — a centralized JSON document that specifies folder-level permissions for the entire knowledge base. Ideal for stable organizational structures where access rules are mostly constant (e.g. “HR folder is accessible to HR group”). Changing rules requires a single update.
  • Document-level metadata files — individual .metadata.json files alongside each document. Ideal for frequently changing permissions (e.g. project documents where the access list changes per project). Changing rules requires updating the specific metadata file.

Users can combine both approaches in the same knowledge base — global ACL for baseline and document-level overrides for exceptions.

How does the deny-by-default model work?

The system uses deny-by-default behavior that prevents accidental exposure: a document is blocked unless there is an explicit ALLOW rule authorizing the user. The approach is more secure than optimistic models where documents are open by default and must be explicitly blocked.

The system supports both ALLOW and DENY policies at user and group level. When conflicts exist — e.g. a user is in a group with ALLOW but a user-level DENY exists — DENY always wins. This enables fine-grained control where an admin can block an individual user within an otherwise permitted group without restructuring the entire permission scheme.
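To make the resolution order concrete, the following is an added illustration, not AWS code: the actual Amazon Quick ACL file schema is not given in the article, so the JSON layout, folder keys, users and groups below are all constructed assumptions. It combines a global folder-level ACL with a document-level override and evaluates deny-by-default with DENY-wins semantics, then applies that as a read-side filter over retrieved documents.

```python
import json

# Constructed global ACL file: folder-level rules for the whole knowledge base.
# ASSUMPTION: the real Amazon Quick file schema is not shown in the article,
# so this layout (folders -> allow/deny -> users/groups) is invented here.
GLOBAL_ACL = json.loads("""
{
  "folders": {
    "hr/":       {"allow": {"groups": ["hr"]}},
    "projects/": {"allow": {"groups": ["engineering"]}}
  }
}
""")

# Constructed document-level override, standing in for a .metadata.json
# placed beside the document in S3 (same assumed schema).
DOC_METADATA = {
    "projects/apollo/plan.pdf": {
        "allow": {"users": ["dana"]},   # exception: dana is not in engineering
        "deny":  {"users": ["bob"]},    # exception: bob is in engineering but blocked
    },
}

def rules_for(doc_key):
    """Global folder rules whose prefix matches the key, plus the document's own override."""
    rules = [r for folder, r in GLOBAL_ACL["folders"].items() if doc_key.startswith(folder)]
    if doc_key in DOC_METADATA:
        rules.append(DOC_METADATA[doc_key])
    return rules

def _matches(part, user, groups):
    """True if a rule part names the user directly or any of the user's groups."""
    return user in part.get("users", []) or bool(set(groups) & set(part.get("groups", [])))

def can_read(doc_key, user, groups):
    """Deny-by-default: blocked unless some ALLOW matches, and any matching DENY wins."""
    rules = rules_for(doc_key)
    allowed = any(_matches(r.get("allow", {}), user, groups) for r in rules)
    denied = any(_matches(r.get("deny", {}), user, groups) for r in rules)
    return allowed and not denied

def filter_hits(doc_keys, user, groups):
    """Read-side filter: drop retrieved documents the caller may not see before generation."""
    return [k for k in doc_keys if can_read(k, user, groups)]

if __name__ == "__main__":
    hits = ["hr/handbook.pdf", "projects/apollo/plan.pdf", "finance/q1.xlsx"]
    print(filter_hits(hits, "erin", ["engineering"]))   # ['projects/apollo/plan.pdf']
```

Note that a document under a folder with no rule at all (here `finance/`) is invisible to everyone, which is exactly the deny-by-default behaviour the article describes.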

What does IAM integration add?

Beyond document-level ACLs, AWS documentation covers using IAM policy assignment to restrict which S3 buckets users can use for knowledge base creation. The approach prevents unauthorized bypass of ACL controls — without an IAM gate, a user could create their own knowledge base over a bucket they do not have access to and skip document ACL rules.

What verification methods does AWS recommend?

Two ways to confirm access controls are working:

  • Chat-based testing — a user with a different identity asks questions that require protected documents and checks whether the answer includes blocked content
  • Flow-aware automation — an automated workflow that respects document-level access rights at every phase, not only at the final retrieve

Position in the broader enterprise RAG security stack

The announcement is part of AWS’s week of daily enterprise RAG security releases: AWS+Cisco MCP/A2A AI Registry (May 14, agent scanning), AWS EU AI Act FLOPs Meter (May 13, compliance), AWS Pulse AI financial documentation (May 14, domain-specific). Amazon Quick ACL manages the read-side problem — which users see which content in RAG responses. This complements Bedrock Guardrails, which manages the generation-side problem — which topics the AI is allowed to address at all.

Frequently Asked Questions

What two ACL configuration methods does Amazon Quick support?
The first method is a global ACL file — a centralized JSON that specifies folder-level permissions and is best for stable organizational structures; the second is document-level metadata files — individual .metadata.json files alongside each document, ideal for frequently changing permissions.
How do ALLOW/DENY rules work in conflict?
The system uses deny-by-default behavior — a document is blocked unless explicitly permitted; both ALLOW and DENY policies are supported at user and group level, and when conflicts exist, DENY rules always win over ALLOW rules.