amazon web services - Only allow specific user access to s3 folder. make private to everyone else -


i have tried deny overall access, , give specific access provided user happens application. executing put , requests using aws service api.

i have tried following, since have deny on users, not let allowed user request though stated in policy.

ideally allow access specific group. tried using following , bucket policy wouldn't save stating 'invalid principal in policy - ' arn:aws:iam::222222222222:group/admin

i rather server private content on cloudfront , make s3 buckets private. option #2 http://docs.aws.amazon.com/amazoncloudfront/latest/developerguide/privatecontent.html

is there better way deny access except specified users?

{ "sid": "force deny access private folder", "effect": "deny", "principal": {   "aws": "*" }, "action": "s3:getobject", "resource": "arn:aws:s3:::bucket/apptest/*"

},

{   "sid": "allow s3 uplaod , conversion using aws-sdk",   "effect": "allow",   "principal": {     "aws": "arn:aws:iam::111111111111:user/user_name"   },   "action": [     "s3:getobjectversiontorrent",     "s3:abortmultipartupload",     "s3:getobjectacl",     "s3:getobjecttorrent",     "s3:restoreobject",     "s3:getobjectversion",     "s3:deleteobject",     "s3:deleteobjectversion",     "s3:getobject",     "s3:putobjectacl",     "s3:putobjectversionacl",     "s3:putobject",     "s3:getobjectversionacl"   ],   "resource": "arn:aws:s3:::bucket/apptest/*"}

my money answer question before monday on codementor.

stop using s3 policy , use iam instead.

http://blogs.aws.amazon.com/security/post/txpojby6fe360k/iam-policies-and-bucket-policies-and-acls-oh-my-controlling-access-to-s3-resourc

if not, i'll see monday!


Comments

Post a Comment

Popular posts from this blog

jquery - How do you format the date used in the popover widget title of FullCalendar? -

Image
in fullcalendar, how format date used in popover widget title when clicking '+n more'? code: <div class="fc-popover fc-more-popover"> <div class="fc-header fc-widget-header"> <span class="fc-close fc-icon fc-icon-x"></span> <span class="fc-title">tuesday, april 7</span> ... </div> ... </div> you use daypopoverformat that. determines date format of title of popover created eventlimitclick option. must date formatting string. default value "dddd, mmmm d" english , "ll" other languages.
Read more

Bubble Sort Manually a Linked List in Java -

Image
this first question here. trying manually sort linked list of integers in java , can not figure out wrong code. suggestions? don't error, still have output unordered. tried few different ways, nothing worked. appreciate if can me that. public class node { int data; node nextnode; public node(int data) { this.data = data; this.nextnode = null; } public int getdata() { return this.data; } } // node class public class datalinkedlist implements datainterface { private node head; private int size; public datalinkedlist(){ this.head = null; this.size = 0; } public void add(int data) { node node = new node(data); if (head == null) { head = node; } else { node currentnode = head; while(currentnode.nextnode != null) { currentnode = currentnode.nextnode; } currentnode.nextnode = node; ...
Read more

asp.net mvc - SSO between MVCForum and Umbraco7 -

i need integrate sso between mvcforum (forum of company) , umbraco7 (manages cms company). however struggling shared authentication work. tried several ways suggested on other threads still not running expected. here did: 1. in mvcforum (forum.mywebsite.com) 1.1. machine key in web.xml: <machinekey validationkey="the same key umbraco7" decryptionkey="the same key umbraco7" validation="sha1" decryption="aes" /> 1.2. authenticate forms in web.xml <forms name="my-sso-auth" protection="all" path="/" timeout="43200" domain="forum.mywebsite.com" loginurl="/members/logon" enablecrossappredirects="true" /> 2. in umbraco7 (news.mywebsite.com) 2.1. machine key in web.xml: <machinekey validationkey="the same key mvcforum" decryptionkey="the same key mvcforum" validation="sha1" decryption="aes" /> 2.2. a...
Read more