Amazon s3 access control


A survey of access control for Amazon S3

Published in: Technology

  1. 1. AWS S3 Access Control Wei De
  2. 2. Scenario 1 Hey~ What’s up~ Let me show something for you. 18 WTF !! People want to share something interesting with each other.
  3. 3. Scenario 2 Here’s attachment for your reference. ok~ thanks~ Office workers need to share information with customers or colleagues.
  4. 4. Scenario 3 ABC Inc. [Diagram: Put / Get labels, repeated five times] An administrator needs to assign permissions to someone.
  5. 5. User story 1 As a guest or blocked user, I can't do anything with files. As a user, I can download files from S3. As a user, I can upload files to S3.
  6. 6. User story 2 As a group user, I can download files in my group. As a group user, I can upload files in my group.
  7. 7. User story 3 As a Group Admin, I can assign download permission to a user who is in my group. As a Group Admin, I can take back the download permission from a user who is in my group.
  8. 8. User story 4 As a Group Admin, I can assign download permission to a user who is in my group. As a Group Admin, I can take back the download permission from a user who is in my group.
  9. 9. User story 5 As a Group Admin, I can assign upload permission to a user who is in my group. As a Group Admin, I can take back upload permission from a user who is in my group.
  10. 10. User story 6 As a user in a chat room, I can upload files to others in the same chat room. As a user in a chat room, I can download files from others in the same chat room.
  11. 11. Limitation Groups per AWS account: 100; Users per AWS account: 5000; Number of groups per user: 10; Roles per AWS account: 250
  12. 12. Solution Classify the users and groups. When downloading or uploading… Use IAM (Identity and Access Management). Use Query String Authentication.
  13. 13. Classifier ● Guest / Blocked User ● Normal User ● Group assigned Download user ● Group assigned Upload user ● Group Administrator ● Chat-room User
  14. 14. Query String Authentication 1. Create a query. 2. Specify an expiration time for the query. 3. Sign it with your signature. 4. Distribute the request to a user or embed the request in a web page.
  15. 15. IAM (Identity and Access Management) ● Identity AWS User AWS Group ● Access Management Get, Put, Delete, List Version, Policy, Payment
  16. 16. Example 1 As a user, I can download a file from S3.
  17. 17. GeneratePresignedUrlRequest generatePresignedUrlRequest = new GeneratePresignedUrlRequest(bucketName, keyname);
      // The URL is valid only for GET requests
      generatePresignedUrlRequest.setMethod(HttpMethod.GET);
      // The URL expires one hour from now
      generatePresignedUrlRequest.setExpiration(new Date(System.currentTimeMillis() + (long)(1000 * 60 * 60)));
      AmazonS3Client s3Client = new AmazonS3Client(new BasicAWSCredentials(ACCESS_KEY, SECRET_ACCESS_KEY));
      URL urlForGet = s3Client.generatePresignedUrl(generatePresignedUrlRequest);
  18. 18. Example 2 As a user, I can upload a file to S3.
  19. 19. GeneratePresignedUrlRequest generatePresignedUrlRequest = new GeneratePresignedUrlRequest(bucketName, keyname);
      // The URL is valid only for PUT requests
      generatePresignedUrlRequest.setMethod(HttpMethod.PUT);
      // The URL expires one hour from now
      generatePresignedUrlRequest.setExpiration(new Date(System.currentTimeMillis() + (long)(1000 * 60 * 60)));
      AmazonS3Client s3Client = new AmazonS3Client(new BasicAWSCredentials(ACCESS_KEY, SECRET_ACCESS_KEY));
      URL urlForPut = s3Client.generatePresignedUrl(generatePresignedUrlRequest);
  20. 20. END
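
The four Query String Authentication steps on slide 14, and the GET/PUT distinction in the two examples, sketched in Python as an added example (it is not from the slides and is not AWS SDK code). It assumes the legacy S3 query-string format (HMAC-SHA1 over verb, expiry and resource), which the slides do not specify; the keys, bucket and object names are constructed placeholders, and `verify` is a hypothetical stand-in for the service-side check.

```python
import base64, hashlib, hmac, time
from urllib.parse import parse_qs, quote, unquote, urlsplit

# Constructed placeholders, not real credentials.
ACCESS_KEY = "AKIAEXAMPLEKEYID"
SECRET_KEY = b"constructed-secret-access-key"

def _signature(method, bucket, key, expires):
    # Legacy string-to-sign: verb, Content-MD5, Content-Type, Expires, resource.
    # Content-MD5 and Content-Type are left empty here.
    string_to_sign = f"{method}\n\n\n{expires}\n/{bucket}/{quote(key)}"
    mac = hmac.new(SECRET_KEY, string_to_sign.encode("utf-8"), hashlib.sha1)
    return base64.b64encode(mac.digest()).decode("ascii")

def presign(method, bucket, key, ttl_seconds, now=None):
    """Steps 1-3 of slide 14: create the query, set its expiry, sign it."""
    issued = time.time() if now is None else now
    expires = int(issued) + ttl_seconds
    sig = quote(_signature(method, bucket, key, expires), safe="")
    return (f"https://{bucket}.s3.amazonaws.com/{quote(key)}"
            f"?AWSAccessKeyId={ACCESS_KEY}&Expires={expires}&Signature={sig}")

def verify(method, url, now=None):
    """Hypothetical stand-in for the service-side check of a presented URL."""
    parts = urlsplit(url)
    query = parse_qs(parts.query)
    bucket = parts.hostname.split(".")[0]
    key = unquote(parts.path.lstrip("/"))
    expires = int(query["Expires"][0])
    if (time.time() if now is None else now) > expires:
        return "expired"
    expected = _signature(method, bucket, key, expires)
    # Constant-time comparison avoids leaking how many characters matched.
    if not hmac.compare_digest(expected, query["Signature"][0]):
        return "bad-signature"
    return "ok"

if __name__ == "__main__":
    url = presign("GET", "example-bucket", "reports/q1.pdf", 3600)
    print(url)
    print("GET ->", verify("GET", url))   # signed method
    print("PUT ->", verify("PUT", url))   # method is part of the signed string
```

Because the method, object key and expiry are all inside the signed string, a download URL cannot be reused for upload, pointed at another object, or have its lifetime extended without invalidating the signature.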
