amazon web services - Only allow specific user access to s3 folder. make private to everyone else -


i have tried deny overall access, , give specific access provided user happens application. executing put , requests using aws service api.

i have tried following, since have deny on users, not let allowed user request though stated in policy.

ideally allow access specific group. tried using following , bucket policy wouldn't save stating 'invalid principal in policy - ' arn:aws:iam::222222222222:group/admin

i rather server private content on cloudfront , make s3 buckets private. option #2 http://docs.aws.amazon.com/amazoncloudfront/latest/developerguide/privatecontent.html

is there better way deny access except specified users?

{ "sid": "force deny access private folder", "effect": "deny", "principal": {   "aws": "*" }, "action": "s3:getobject", "resource": "arn:aws:s3:::bucket/apptest/*"

},

{   "sid": "allow s3 uplaod , conversion using aws-sdk",   "effect": "allow",   "principal": {     "aws": "arn:aws:iam::111111111111:user/user_name"   },   "action": [     "s3:getobjectversiontorrent",     "s3:abortmultipartupload",     "s3:getobjectacl",     "s3:getobjecttorrent",     "s3:restoreobject",     "s3:getobjectversion",     "s3:deleteobject",     "s3:deleteobjectversion",     "s3:getobject",     "s3:putobjectacl",     "s3:putobjectversionacl",     "s3:putobject",     "s3:getobjectversionacl"   ],   "resource": "arn:aws:s3:::bucket/apptest/*"}

my money answer question before monday on codementor.

stop using s3 policy , use iam instead.

http://blogs.aws.amazon.com/security/post/txpojby6fe360k/iam-policies-and-bucket-policies-and-acls-oh-my-controlling-access-to-s3-resourc

if not, i'll see monday!


Comments

Post a Comment

Popular posts from this blog

asp.net mvc - SSO between MVCForum and Umbraco7 -

i need integrate sso between mvcforum (forum of company) , umbraco7 (manages cms company). however struggling shared authentication work. tried several ways suggested on other threads still not running expected. here did: 1. in mvcforum (forum.mywebsite.com) 1.1. machine key in web.xml: <machinekey validationkey="the same key umbraco7" decryptionkey="the same key umbraco7" validation="sha1" decryption="aes" /> 1.2. authenticate forms in web.xml <forms name="my-sso-auth" protection="all" path="/" timeout="43200" domain="forum.mywebsite.com" loginurl="/members/logon" enablecrossappredirects="true" /> 2. in umbraco7 (news.mywebsite.com) 2.1. machine key in web.xml: <machinekey validationkey="the same key mvcforum" decryptionkey="the same key mvcforum" validation="sha1" decryption="aes" /> 2.2. a
Read more

Python Tkinter keyboard using bind -

i have problem using bind option can click button in keyboard, , call function once key pressed. tried taking other codes have similar purpose , saw i'm doing pretty same, though still have problem must've missed. thankful if me this. here's code: # -*- coding: utf-8 -*- #imports tkinter import * pil import imagetk, image import time import tkmessagebox #===========================================================================================================================================# #tkinter class class app(frame): def __init__(self, master=none): frame.__init__(self, master) self.pack() #===========================================================================================================================================# #game pieces classes class board: def __init__(self, rows = 7, columns = 6, picture_height = none, picture_width = none): self.rows = rows self.columns = columns self.picture
Read more

ubuntu - Selenium Node Not Connecting to Hub, Not Opening Port -

i'm trying set demo selenium grid. have digital ocean ubuntu 14.02 droplet. (i have 2 , tried set using 2 different machines got nowhere.) i'm trying run hub , node both locally. here input both hub, node, , nmap results. https://gist.github.com/mekhami/d5bbecca5ff0de9d2dc9 so, node starting tcp connection reset , port it's supposed operate on closed. i have had no luck in number of different options , configurations work. but... of course, worked randomly once. don't know why, don't know did, know 1 brief moment, node connected , saw on grid console. tried run test , went down again , i've never seen come up. please let me know more information can provide. update: randomly came online again. don't know happened, might related timeout or time_wait or going on. this because vm/server not have enough entropy available. to resolve problem, install haveged (or other similar things). the instructions of how install haveged on ubu
Read more