Amazon S3 access control

AWS S3 Access Control, Wei De

Description

A survey of access control for Amazon S3.

Page 1: Amazon s3 access control

AWS S3 Access Control (Wei De)

Page 2: Amazon s3 access control

Scenario 1

People want to share something interesting with each other.

Hey~

What's up~

Let me show you something.

WTF !!

Page 3: Amazon s3 access control

Scenario 2

Office workers need to share information with customers or colleagues.

Here's an attachment for your reference.

ok~

thanks~

Page 4: Amazon s3 access control

Scenario 3

An administrator needs to assign permissions to someone.

[Diagram: ABC Inc. members, each labelled with the Put and/or Get permission the administrator has granted]

Page 5: Amazon s3 access control

User story 1

As a guest or blocked user, I can't do anything with files.

As a user, I can download files from S3.

As a user, I can upload files to S3.

Page 6: Amazon s3 access control

User story 2

As a Group-user, I can download files in my group.

As a Group-user, I can upload files in my group.

Page 7: Amazon s3 access control

User story 3

As a Group Admin, I can assign the download permission to a user who is in my group.

As a Group Admin, I can take back the download permission from a user who is in my group.

Page 8: Amazon s3 access control

User story 4

As a Group Admin, I can assign the download permission to a user who is in my group.

As a Group Admin, I can take back the download permission from a user who is in my group.

Page 9: Amazon s3 access control

User story 5

As a Group Admin, I can assign the upload permission to a user who is in my group.

As a Group Admin, I can take back the upload permission from a user who is in my group.

Page 10: Amazon s3 access control

User story 6

As a user in a chat room, I can upload files to others in the same chat room.

As a user in a chat room, I can download files from others in the same chat room.

Page 11: Amazon s3 access control

Limitation (IAM quotas)

Groups per AWS account: 100

Users per AWS account: 5000

Number of groups per user: 10

Roles per AWS account: 250

Page 12: Amazon s3 access control

Solution

● Classifying the user and group: use IAM (Identity and Access Management)

● When downloading or uploading: use Query String Authentication

Page 13: Amazon s3 access control

Classifier

● Guest / Blocked User

● Normal User

● Group assigned Download user

● Group assigned Upload user

● Group Administrator

● Chat-room User

Page 14: Amazon s3 access control

Query String Authentication

1. Create a query.

2. Specify an expiration time for the query.

3. Sign it with your signature.

4. Distribute the request to a user or embed the request in a web page.

Page 15: Amazon s3 access control

IAM (Identity and Access Management)

● Identity: AWS User, AWS Group

● Access Management: Get, Put, Delete, ListVersion, Policy, Payment
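The Classifier slide and this IAM slide together describe a least-privilege scheme: each user class gets only the object actions it needs, scoped to its own group. The following Python is an added example (not code from the slides) that turns those classes into IAM policy statements for an assumed layout in which every group's objects live under a "<group>/" key prefix in one bucket, enforces the "10 groups per user" quota from the Limitation slide, and includes a small evaluator so the effect of the statements can be checked offline. The bucket name and prefix layout are assumptions, and the evaluator is a simplified model (explicit Deny wins, default Deny, conditions ignored), not the real IAM engine.

```python
"""Least-privilege S3 policies for the user classes on the Classifier slide.

Added example, not from the original slides. Assumed layout: one bucket with
objects stored under "<group>/<key>". The evaluator below is a simplified
model of IAM (Deny beats Allow, default Deny, conditions not evaluated).
"""
import json
from fnmatch import fnmatchcase

BUCKET = "example-bucket"   # constructed placeholder, not from the deck
MAX_GROUPS_PER_USER = 10    # "Number of groups per user: 10" (Limitation slide)

# Object-level actions each class is allowed inside its group prefix.
# Guests and blocked users get an explicit Deny instead of any Allow.
ROLE_ACTIONS = {
    "group_download": ["s3:GetObject"],
    "group_upload": ["s3:GetObject", "s3:PutObject"],
    "group_admin": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"],
}


def group_statements(role, group, bucket=BUCKET):
    """Statements confining `role` to the key prefix "<group>/" in `bucket`."""
    if role in ("guest", "blocked"):
        return [{
            "Sid": "BlockAll", "Effect": "Deny", "Action": "s3:*",
            "Resource": [f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"],
        }]
    return [
        {   # Listing is a bucket-level action, so it is narrowed with s3:prefix.
            "Effect": "Allow", "Action": "s3:ListBucket",
            "Resource": f"arn:aws:s3:::{bucket}",
            "Condition": {"StringLike": {"s3:prefix": [f"{group}/*"]}},
        },
        {   # Object actions only on keys under this group's prefix.
            "Effect": "Allow", "Action": ROLE_ACTIONS[role],
            "Resource": f"arn:aws:s3:::{bucket}/{group}/*",
        },
    ]


def user_policy(memberships, bucket=BUCKET):
    """Build one policy document from a {group: role} mapping for a user."""
    if len(memberships) > MAX_GROUPS_PER_USER:
        raise ValueError(f"user would exceed {MAX_GROUPS_PER_USER} groups")
    statements = []
    for group, role in sorted(memberships.items()):
        statements += group_statements(role, group, bucket)
    return {"Version": "2012-10-17", "Statement": statements}


def policy_json(memberships, bucket=BUCKET):
    """The same document serialised the way it would be attached in IAM."""
    return json.dumps(user_policy(memberships, bucket), indent=2)


def _as_list(value):
    return value if isinstance(value, list) else [value]


def is_allowed(policy, action, key, bucket=BUCKET):
    """Simplified evaluation of an object action against the document."""
    arn = f"arn:aws:s3:::{bucket}/{key}"
    allowed = False
    for st in policy["Statement"]:
        if not any(fnmatchcase(action, a) for a in _as_list(st["Action"])):
            continue
        if not any(fnmatchcase(arn, r) for r in _as_list(st["Resource"])):
            continue
        if st["Effect"] == "Deny":
            return False          # an explicit Deny is final
        allowed = True
    return allowed                # nothing matched: default Deny


if __name__ == "__main__":
    print(policy_json({"alpha": "group_download", "beta": "group_upload"}))
```

The point a practitioner should take from the evaluator is that a download-only member of group "alpha" cannot write to "alpha/", cannot read "beta/", and a blocked user is refused even where an Allow from another statement would otherwise match.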

Page 16: Amazon s3 access control

Example 1

As a user, I can download file from S3.

Page 17: Amazon s3 access control
Page 18: Amazon s3 access control

import java.net.URL;
import java.util.Date;
import com.amazonaws.HttpMethod;
import com.amazonaws.auth.BasicAWSCredentials;
import com.amazonaws.services.s3.AmazonS3Client;
import com.amazonaws.services.s3.model.GeneratePresignedUrlRequest;

// Presigned GET: the holder of the URL may download bucketName/keyname.
GeneratePresignedUrlRequest generatePresignedUrlRequest =
    new GeneratePresignedUrlRequest(bucketName, keyname);
generatePresignedUrlRequest.setMethod(HttpMethod.GET);
// The URL stops working one hour after it is generated.
generatePresignedUrlRequest.setExpiration(new Date(System.currentTimeMillis() + (long)(1000 * 60 * 60)));

AmazonS3Client s3Client =
    new AmazonS3Client(new BasicAWSCredentials(ACCESS_KEY, SECRET_ACCESS_KEY));
URL urlForGet = s3Client.generatePresignedUrl(generatePresignedUrlRequest);

Page 19: Amazon s3 access control

Example 2

As a user, I can upload file to S3.

Page 20: Amazon s3 access control
Page 21: Amazon s3 access control

import java.net.URL;
import java.util.Date;
import com.amazonaws.HttpMethod;
import com.amazonaws.auth.BasicAWSCredentials;
import com.amazonaws.services.s3.AmazonS3Client;
import com.amazonaws.services.s3.model.GeneratePresignedUrlRequest;

// Presigned PUT: the holder of the URL may upload to bucketName/keyname only.
GeneratePresignedUrlRequest generatePresignedUrlRequest =
    new GeneratePresignedUrlRequest(bucketName, keyname);
generatePresignedUrlRequest.setMethod(HttpMethod.PUT);
// The URL stops working one hour after it is generated.
generatePresignedUrlRequest.setExpiration(new Date(System.currentTimeMillis() + (long)(1000 * 60 * 60)));

AmazonS3Client s3Client =
    new AmazonS3Client(new BasicAWSCredentials(ACCESS_KEY, SECRET_ACCESS_KEY));
URL urlForPut = s3Client.generatePresignedUrl(generatePresignedUrlRequest);
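The Java on the two example slides hands the signing to the SDK. To show what the four Query String Authentication steps (create the query, set an expiry, sign, distribute) actually do for both the GET case of Example 1 and the PUT case of Example 2, here is an added Python example, not code from the slides or the AWS SDK, that builds an AWS Signature Version 4 presigned URL from the standard library and then performs the check the receiving side has to do: recompute the signature over the exact method, key and query and refuse the URL if it differs or if X-Amz-Date plus X-Amz-Expires has passed. The access key, secret and timestamp are the sample values AWS publishes in its SigV4 query-string documentation, not real credentials; the bucket host form and the "uploads/new.bin" key are constructed.

```python
"""SigV4 query-string signing (presigned URLs) and the receiver-side check.

Added example, not the slides' Java nor the AWS SDK. Only the standard
library is used; the sample credentials below are the AWS documentation
example values and are not real secrets.
"""
import hashlib
import hmac
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qsl, quote, unquote, urlparse

ALGO = "AWS4-HMAC-SHA256"
MAX_EXPIRES = 7 * 24 * 3600   # a SigV4 presigned URL may live at most 7 days

# Sample values from the AWS SigV4 query-string documentation (not real keys).
DOC_ACCESS_KEY = "AKIAIOSFODNN7EXAMPLE"
DOC_SECRET_KEY = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
DOC_TIME = datetime(2013, 5, 24, tzinfo=timezone.utc)


def _hmac(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()


def _signing_key(secret: str, date: str, region: str) -> bytes:
    # The long-term secret never signs a request directly: it is narrowed to
    # one day / region / service first, so a leaked derived key is worth less.
    k = _hmac(("AWS4" + secret).encode(), date)
    k = _hmac(k, region)
    k = _hmac(k, "s3")
    return _hmac(k, "aws4_request")


def _enc(s: str, safe: str = "-_.~") -> str:
    return quote(s, safe=safe)


def presign(access_key, secret, bucket, key, method="GET", expires=3600,
            region="us-east-1", now=None):
    """Return a presigned URL for `method` on s3://bucket/key.

    Step 1 builds the query, step 2 attaches the expiry, step 3 signs the
    canonical request; step 4 (handing out the URL) is up to the caller.
    Only the host header is signed and the payload is left unsigned, which
    matches what the slides' GeneratePresignedUrlRequest produces.
    """
    if not 1 <= expires <= MAX_EXPIRES:
        raise ValueError("expires must be between 1 second and 7 days")
    now = now or datetime.now(timezone.utc)
    amz_date = now.strftime("%Y%m%dT%H%M%SZ")
    date = amz_date[:8]
    host = f"{bucket}.s3.amazonaws.com"
    scope = f"{date}/{region}/s3/aws4_request"
    params = {
        "X-Amz-Algorithm": ALGO,
        "X-Amz-Credential": f"{access_key}/{scope}",
        "X-Amz-Date": amz_date,
        "X-Amz-Expires": str(expires),
        "X-Amz-SignedHeaders": "host",
    }
    # Canonical query: keys sorted, every value URI-encoded.
    canonical_query = "&".join(f"{k}={_enc(v)}" for k, v in sorted(params.items()))
    canonical_path = "/" + _enc(key, safe="/-_.~")
    canonical_request = "\n".join([
        method, canonical_path, canonical_query,
        f"host:{host}\n",      # canonical headers block, terminated by \n
        "host",                # signed headers
        "UNSIGNED-PAYLOAD",
    ])
    string_to_sign = "\n".join([
        ALGO, amz_date, scope,
        hashlib.sha256(canonical_request.encode()).hexdigest(),
    ])
    signature = hmac.new(_signing_key(secret, date, region),
                         string_to_sign.encode(), hashlib.sha256).hexdigest()
    return f"https://{host}{canonical_path}?{canonical_query}&X-Amz-Signature={signature}"


def check_presigned(url, secret, method="GET", now=None):
    """Receiver-side check: (True, "ok") only if the URL is unexpired and the
    signature matches a recomputation over this exact method, key and query."""
    u = urlparse(url)
    q = dict(parse_qsl(u.query))
    try:
        access_key, _date, region, _svc, _term = q["X-Amz-Credential"].split("/")
        signed_at = datetime.strptime(q["X-Amz-Date"], "%Y%m%dT%H%M%SZ").replace(tzinfo=timezone.utc)
        expires = int(q["X-Amz-Expires"])
        given = q["X-Amz-Signature"]
        if not 1 <= expires <= MAX_EXPIRES:
            raise ValueError
    except (KeyError, ValueError):
        return False, "malformed query"
    now = now or datetime.now(timezone.utc)
    if now > signed_at + timedelta(seconds=expires):
        return False, "expired"
    bucket = u.hostname.split(".")[0]
    expected_url = presign(access_key, secret, bucket, unquote(u.path[1:]),
                           method, expires, region, signed_at)
    expected = expected_url.rsplit("X-Amz-Signature=", 1)[1]
    if not hmac.compare_digest(expected, given):
        return False, "bad signature"
    return True, "ok"


if __name__ == "__main__":
    print(presign(DOC_ACCESS_KEY, DOC_SECRET_KEY, "examplebucket", "test.txt",
                  "GET", 86400, "us-east-1", DOC_TIME))
```

Because the HTTP method, the key and every query parameter are inside the signed canonical request, a GET link cannot be replayed as a PUT, the key cannot be swapped for a neighbouring object, and the expiry cannot be extended by editing X-Amz-Expires: each of those changes makes the recomputed signature differ. Note also that the signing secret here is the long-term access key pair, as on the slides; a URL is only as revocable as that key, so short expiries matter.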