Reputation: 1914
Controlling Access To Amazon S3 buckets
I have a requirement where users are part of groups..user1 is part of group1, user2 is part of group2, user3 is part of group1 and group2..etc..
each group has static content which i want to host in Amazon S3. So far in my research, i concluded that i will need to create a bucket for each group.
My question is:
How do i control access to users ?
user1 should only be able to access resources of bucket belonging to group1.(upload, download etc.)
users should not be able to access resources of groups they are not part of.
I imagine this is a typical scenario, but so far my google-fu is not yeilding any fruitful results.
I have a NodeJS/Express REST API as my middle tier. Please advise me on how to engineer for this requirement.
Thanks
Upvotes: 0
Views: 317
Answers (1)
Reputation: 34416
You do not need a bucket per group. You could create one bucket, then in each bucket create a directory for each group and grant access only to the corresponding group. You can use IAM to create the groups and users. Refer to this AWS doc for a walkthrough on this scenario.
If you need to scale to many users and groups, you should look at the AWS Security Token Service which scales to millions of users and doesn't require IAM credentials at all. Your application is responsible for authenticating users and managing their accounts and group membership, but the token service can allow access to AWS resources including S3.
Upvotes: 1
Related Questions
- S3 Bucket Policy to Allow access to specific users and restrict all
- Restrict read-write access from my S3 bucket
- Amazon S3 Bucket Policy Public
- Amazon S3 Folder Level Permissions
- Allowing public-read and bucket-owner-full-control in S3
- Setting user permissions for AWS S3 buckets
- allow open access to S3 bucket with certain restrictions
- AWS S3 bucket access control
- Granting permissions to an Amazon S3 bucket
- Bucket permissions on Amazon