Reputation: 392
How to restrict Amazon S3 API access?
Is there a way to create a different identity to (access key / secret key) to access Amazon S3 buckets via the REST API where I can restrict access (read only for example)?
Upvotes: 8
Views: 6462
Answers (3)
Reputation: 3873
The recommended way is to use IAM to create a new user, then apply a policy to that user.
Upvotes: 9
Reputation: 2659
Check out the details at http://docs.amazonwebservices.com/AmazonS3/2006-03-01/dev/index.html?UsingAuthAccess.html (follow the link to "Using Query String Authentication")- this is a subdocument to the one Greg Posted, and describes how to generate access URLs on the fly.
This uses a hashed form of the private key and allows expiration, so you can give brief access to files in a bucket without allowed unfettered access to the rest of the S3 store.
Constructing the REST URL is quite difficult, it took me about 3 hours of coding to get it right, but this is a very powerful access technique.
Upvotes: 1
Reputation: 993085
Yes, you can. The S3 API documentation describes the Authentication and Access Control services available to you. You can set up a bucket so that another Amazon S3 account can read but not modify items in the bucket.
Upvotes: 4
Related Questions
- How to restrict S3 bucket access by network
- How to restrict the public access
- allow open access to S3 bucket with certain restrictions
- Restricting amazon s3 access for a web application?
- Restrict access to objects in S3
- Restrict access to S3 based on EC2 Instance and User
- Denying direct access to AWS S3 Object
- Limit S3 access to specific object
- How do you let only authorized user have access contents stored in Amazon's S3?
- Restrict world access to Amazon S3 URLs