Amazon s3 access control
A survey of access control for Amazon S3

    Amazon S3 access control: Presentation Transcript

    • AWS S3 Access Control Wei De
    • Scenario 1: Hey~ What’s up~ Let me show you something. 18 WTF !! People want to share interesting things with each other.
    • Scenario 2: Here’s an attachment for your reference. ok~ thanks~ Office workers need to share information with customers or colleagues.
    • Scenario 3: ABC Inc. (diagram: Put / Get for each user) An administrator needs to assign permissions to someone.
    • User story 1: As a guest or blocked user, I can't do anything with files. As a user, I can download files from S3. As a user, I can upload files to S3.
    • User story 2: As a Group-user, I can download files in my group. As a Group-user, I can upload files in my group.
    • User story 3: As a Group Admin, I can assign download permission to a user who is in my group. As a Group Admin, I can take back the download permission from a user who is in my group.
    • User story 4: As a Group Admin, I can assign download permission to a user who is in my group. As a Group Admin, I can take back the download permission from a user who is in my group.
    • User story 5: As a Group Admin, I can assign upload permission to a user who is in my group. As a Group Admin, I can take back upload permission from a user who is in my group.
    • User story 6: As a user in a chat room, I can upload files to others in the same chat room. As a user in a chat room, I can download files from others in the same chat room.
    • Limitation: Groups per AWS account: 100; Users per AWS account: 5000; Number of groups per user: 10; Roles per AWS account: 250
    • Solution: Classify the user and group. When downloading or uploading: use IAM (Identity and Access Management); use Query String Authentication.
    • Classifier ● Guest / Blocked User ● Normal User ● Group assigned Download user ● Group assigned Upload user ● Group Administrator ● Chat-room User
    • Query String Authentication 1. Create a query. 2. Specify an expiration time for the query. 3. Sign it with your signature. 4. Distribute the request to a user or embed the request in a web page.
    • IAM (Identity and Access Management) ● Identity: AWS User, AWS Group ● Access Management: Get, Put, Delete, List Version, Policy, Payment
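    • Example 1: As a user, I can download files from S3.
    • import java.net.URL;
      import java.util.Date;
      import com.amazonaws.HttpMethod;
      import com.amazonaws.auth.BasicAWSCredentials;
      import com.amazonaws.services.s3.AmazonS3Client;
      import com.amazonaws.services.s3.model.GeneratePresignedUrlRequest;

      // Request a URL for GET on one object; it stops working after one hour.
      GeneratePresignedUrlRequest generatePresignedUrlRequest = new GeneratePresignedUrlRequest(bucketName, keyname);
      generatePresignedUrlRequest.setMethod(HttpMethod.GET);
      generatePresignedUrlRequest.setExpiration(new Date(System.currentTimeMillis() + (long)(1000 * 60 * 60)));
      // The secret key is used only to sign; it is not part of the URL.
      AmazonS3Client s3Client = new AmazonS3Client(new BasicAWSCredentials(ACCESS_KEY, SECRET_ACCESS_KEY));
      URL urlForGet = s3Client.generatePresignedUrl(generatePresignedUrlRequest);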
    • Example 2: As a user, I can upload files to S3.
    • // Same imports as Example 1.
      // Request a URL for PUT on one object; it stops working after one hour.
      GeneratePresignedUrlRequest generatePresignedUrlRequest = new GeneratePresignedUrlRequest(bucketName, keyname);
      generatePresignedUrlRequest.setMethod(HttpMethod.PUT);
      generatePresignedUrlRequest.setExpiration(new Date(System.currentTimeMillis() + (long)(1000 * 60 * 60)));
      AmazonS3Client s3Client = new AmazonS3Client(new BasicAWSCredentials(ACCESS_KEY, SECRET_ACCESS_KEY));
      URL urlForPut = s3Client.generatePresignedUrl(generatePresignedUrlRequest);
    • END
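
The four Query String Authentication steps listed in the slides, written out at the protocol level as an added example (not code from the presentation). It uses the legacy Signature Version 2 form of S3 query string authentication (current SDKs sign with Signature Version 4) and shows the service-side check that ties a URL to one method, one object and one expiry. The key ID, secret, bucket and object key are constructed sample values, and `presign`/`verify` are hypothetical helper names.

```python
import base64, hashlib, hmac, time
from urllib.parse import parse_qs, quote, unquote, urlsplit

# Constructed sample values (assumptions, not from the slides).
ACCESS_KEY = "AKIAEXAMPLEKEYID0000"
SECRET_KEY = b"constructed-secret-for-illustration"
BUCKET = "example-bucket"

def _signature(method, key, expires):
    # SigV2 string-to-sign: verb, Content-MD5, Content-Type, Expires, resource.
    string_to_sign = f"{method}\n\n\n{expires}\n/{BUCKET}/{key}"
    mac = hmac.new(SECRET_KEY, string_to_sign.encode("utf-8"), hashlib.sha1)
    return base64.b64encode(mac.digest()).decode("ascii")

def presign(method, key, ttl_seconds, now=None):
    """Steps 1-3: create the query, give it an expiration time, sign it."""
    issued = time.time() if now is None else now
    expires = int(issued) + ttl_seconds
    sig = quote(_signature(method, key, expires), safe="")
    return (f"https://{BUCKET}.s3.amazonaws.com/{quote(key)}"
            f"?AWSAccessKeyId={ACCESS_KEY}&Expires={expires}&Signature={sig}")

def verify(method, url, now=None):
    """Service-side view: recompute the signature for the request as received."""
    parts = urlsplit(url)
    query = parse_qs(parts.query)
    try:
        expires = int(query["Expires"][0])
        presented = query["Signature"][0]
    except (KeyError, ValueError):
        return "rejected: malformed query"
    if (time.time() if now is None else now) > expires:
        return "rejected: expired"
    expected = _signature(method, unquote(parts.path.lstrip("/")), expires)
    if not hmac.compare_digest(expected.encode(), presented.encode()):
        return "rejected: signature mismatch"
    return "accepted"

if __name__ == "__main__":
    url = presign("GET", "groups/42/report.pdf", ttl_seconds=3600)  # step 4: hand out
    print(url)
    print("GET now:        ", verify("GET", url))
    print("PUT, same URL:  ", verify("PUT", url))
    print("GET after 2 h:  ", verify("GET", url, now=time.time() + 7200))
```

Anyone who holds the URL can use it until `Expires`, so the expiry and the method granted to each user class are the controls that matter when distributing it.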