Let’s say you have users in a finance group and users in a dev group and they both need to access specific parts of you bucket and only specific parts, well you can set up access points! Similar to how you attach a bucket policy to your bucket which can allow for scaling you can attach a policy to each of your access points, these access points are defined by a unique DNS name, that is how they are accessed as well. You can attach the access policy to your access point this allows you to define read and write access for specific users in their respective groups. Each access point will have its own unique DNS name. You have the option to make access access possible only through a VPC as well. As always feel free to comment if you have any questions at all!