David

Reputation: 2232

Amazon AWS Permissions Per User

I'm trying to figure out a way to grant Open/Download permissions to files that users upload to a bucket of mine. I was reading this: "amazon S3 bucket policy - restricting access by referer BUT not restricting if URLs are generated via query string authentication", and used it to implement referral-based downloads, but what I'm trying to do is: User A uploads a file, and only User A and root can access said file. User B uploads a file, and only User B and root can access said file.

I'm already adding an account ID to the metadata of each file. Is it possible to use that for authentication? Run an if ($s3->get_object_metadata('account_id', $file) == '123') { provide access }?

Upvotes: 0

Views: 160

Answers (1)

Ryan Parman

Reputation: 6936

A couple of things.

  1. Firstly, please for the love of God, migrate to AWS SDK for PHP 2. SDK 1.x is on the way out, and hasn't received any updates in a while.

  2. Having done that, you can use S3Client::putBucketPolicy() to grant access to a bucket by Canonical User ID (a.k.a. Account ID). That way, you push the responsibility of managing access control back onto the S3 service. When a user tries to access the object, they'll either get a 200 (201, 204, 304, 307), or a 403 if they're not allowed to access it.

  3. If you choose to stay on SDK 1.x, the equivalent method is AmazonS3::set_bucket_policy().

Upvotes: 1
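The following is an added example of the two ways this can be wired up with AWS SDK for PHP 2.x; it is not code from the question or the answer. It assumes a Composer install, PHP 5.4 or later, a made-up bucket name and placeholder canonical user IDs, and the convention that the application stores each user's uploads under "uploads/<user>/..." and sets the "account_id" object metadata itself (so an uploader cannot forge it). One point the answer glosses over: the principal in a bucket policy is the 64-character hexadecimal canonical user ID, not the 12-digit account number, and a policy can only match on the object key, never on user metadata. Both functions below, and the "account_id" metadata check, are assumptions for illustration.

```php
<?php
// Added example for this answer; not code from the question or the answer.
// Assumes AWS SDK for PHP 2.x via Composer, PHP >= 5.4, a placeholder bucket
// name and placeholder canonical user IDs, and that the application (not the
// uploader) sets the "account_id" object metadata and the "uploads/<user>/" prefix.
require 'vendor/autoload.php';

use Aws\S3\S3Client;

/**
 * Build the bucket-policy JSON for S3Client::putBucketPolicy().
 * $users maps a 64-hex canonical user ID to the key prefix that user may read.
 * Objects outside a user's prefix are simply not granted, so S3 answers 403.
 * The bucket owner ("root") is not listed: owning the bucket and the objects it
 * uploaded already gives it access.
 */
function buildPerUserReadPolicy($bucket, array $users)
{
    $statements = array();
    foreach ($users as $canonicalId => $prefix) {
        // Bucket policies identify users by canonical ID, not the 12-digit account number.
        if (!preg_match('/^[0-9a-f]{64}$/', $canonicalId)) {
            throw new InvalidArgumentException("Not a canonical user ID: $canonicalId");
        }
        $statements[] = array(
            'Sid'       => 'read-' . substr($canonicalId, 0, 12),
            'Effect'    => 'Allow',
            'Principal' => array('CanonicalUser' => $canonicalId),
            'Action'    => 's3:GetObject',
            'Resource'  => 'arn:aws:s3:::' . $bucket . '/' . rtrim($prefix, '/') . '/*',
        );
    }
    return json_encode(
        array('Version' => '2012-10-17', 'Statement' => $statements),
        JSON_UNESCAPED_SLASHES | JSON_PRETTY_PRINT
    );
}

/**
 * Application-side alternative matching the question's "check the metadata" idea.
 * S3 cannot evaluate user metadata in a policy, but the application can read it
 * with headObject() and, only if it matches the requester, hand out a short-lived
 * pre-signed URL. The bucket policy stays empty, so this is not limited by the
 * 20 KB bucket-policy size cap and scales to many users.
 */
function ownerDownloadUrl(S3Client $s3, $bucket, $key, $requesterAccountId)
{
    $head = $s3->headObject(array('Bucket' => $bucket, 'Key' => $key));
    $meta = $head['Metadata'];   // user metadata (x-amz-meta-*), keys lower-cased by S3
    if (!isset($meta['account_id']) || $meta['account_id'] !== (string) $requesterAccountId) {
        return null;             // not the owner: refuse to sign at all
    }
    return $s3->getObjectUrl($bucket, $key, '+10 minutes');
}

// --- usage with placeholders; nothing here is a real account or bucket ---
$bucket = 'example-user-uploads';
$users  = array(
    str_repeat('a', 64) => 'uploads/user-a/',
    str_repeat('b', 64) => 'uploads/user-b/',
);

$s3 = S3Client::factory();       // credentials from the environment or instance profile

// Option 1: let S3 enforce per-user read access via the bucket policy.
$s3->putBucketPolicy(array(
    'Bucket' => $bucket,
    'Policy' => buildPerUserReadPolicy($bucket, $users),
));

// Option 2: enforce ownership in the application and sign each download.
$url = ownerDownloadUrl($s3, $bucket, 'uploads/user-a/report.pdf', '123');
echo $url === null ? "denied\n" : "download: $url\n";
```

Option 1 only helps when the user fetching the object signs the request with that user's own AWS credentials, because a canonical user ID is an AWS identity; an anonymous browser request carries no such identity and gets the 403 regardless. For web-application users who only have a login on your site, option 2 is the practical route: the application decides (here by metadata it set itself at upload time) and S3 merely honours the signature and expiry of the URL it issues.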