Creating a Bucket Policy:

You use the AWS Policy Generator to generate a Bucket Policy. There are several examples online and Amazon has a ton of examples.

Allow viewing & downloading of S3 objects directly via a browser. If, for example, you send attachments via email and also want to link to them on S3.

AWS is so full of its own jargon at this point - set an S3 bucket policy and ACL, but make sure you have the right IAM key, and also CORS doesn't conflict. And that's just for S3. Don't even look at Route 51.

Everything you know about Unix server administration has been reinvented on AWS with slightly different names and parameters, so none of the knowledge is transferrable outside of Amazon's infrastructure. Heavy lock-in. I don't like it.