Scott Nicholson

Reputation: 21

Using AWS S3 to Share Folders

Use Case: shutting down on-premise WingFTP Secure Server and moving 50+ folders to AWS S3. Need to provide access to 120 end users outside my organization.

Challenges:

  1. How do I limit end user access to their specific folder(s) in the S3 bucket? I can't expose one user's data to another.
  2. Do not want to spin up a 3rd party application like FileCloud (no offense to FileCloud), nor do I want to spin up an EC2 running WingFTP.
  3. Lastly, I do not intend to set up 120+ IAM end user accounts.

Thanks for any feedback!

Scott

Upvotes: 2

Views: 3594

Answers (1)

John Rotenstein

Reputation: 270114

I congratulate you for helping to eliminate FTP from the world!

You should not give the users IAM accounts. IAM should only be used for users and applications within your own organisation.

Instead, you need a way to authenticate the end users and then give them appropriate (temporary) access to Amazon S3.

One way would be to use Amazon Cognito to authenticate users. You can then generate temporary credentials that grant access to 'their folder' within an S3 bucket. They can use these credentials with the AWS Command-Line Interface (CLI), or an application like CyberDuck or simply a web page that allows them to upload a file. If they want to automate the upload, then the CLI is the way to go.

Another way would be to have a simple application that authenticates the users (however you want to do that), then generates Pre-Signed URLs that allow them to upload files via a web page to their specific folder.

Upvotes: 2
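Added example, not part of the answer above and not AWS's own code: a standard-library sketch of the pre-signed URL approach, in which the application builds the object key from the authenticated user's assigned folder and signs a short-lived SigV4 PUT URL for it. The `USER_FOLDERS` mapping, bucket name and credentials are constructed placeholders, and long-term signing credentials are assumed (temporary credentials would also need an `X-Amz-Security-Token` parameter).

```python
import hashlib, hmac, re
from datetime import datetime, timezone
from urllib.parse import quote

# Constructed mapping for illustration: authenticated user -> the one folder they own.
USER_FOLDERS = {"alice@example.com": "acme-corp", "bob@example.com": "globex"}
# A bare file name only: no "/" and no leading ".", so it cannot leave the folder.
SAFE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,127}")

def _hmac(key, msg):
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()

def presign_put(user, filename, *, bucket, region, access_key, secret_key,
                expires=900, now=None):
    """Return a SigV4 pre-signed PUT URL confined to the caller's own folder."""
    folder = USER_FOLDERS.get(user)
    if folder is None:
        raise PermissionError("no folder assigned to this user")
    # The key prefix comes from the server-side mapping, never from the client.
    if not SAFE_NAME.fullmatch(filename):
        raise ValueError("file name must be a single path component")
    key = f"{folder}/{filename}"
    now = now or datetime.now(timezone.utc)
    stamp, day = now.strftime("%Y%m%dT%H%M%SZ"), now.strftime("%Y%m%d")
    host = f"{bucket}.s3.{region}.amazonaws.com"
    scope = f"{day}/{region}/s3/aws4_request"
    # Query parameters must appear in sorted order in the canonical request.
    query = "&".join(f"{k}={quote(v, safe='-_.~')}" for k, v in [
        ("X-Amz-Algorithm", "AWS4-HMAC-SHA256"),
        ("X-Amz-Credential", f"{access_key}/{scope}"),
        ("X-Amz-Date", stamp),
        ("X-Amz-Expires", str(expires)),
        ("X-Amz-SignedHeaders", "host")])
    path = "/" + quote(key, safe="/-_.~")
    # Method, path, query and host are all covered by the signature.
    canonical = "\n".join(["PUT", path, query, f"host:{host}", "",
                           "host", "UNSIGNED-PAYLOAD"])
    to_sign = "\n".join(["AWS4-HMAC-SHA256", stamp, scope,
                         hashlib.sha256(canonical.encode()).hexdigest()])
    k = ("AWS4" + secret_key).encode()
    for part in (day, region, "s3", "aws4_request"):
        k = _hmac(k, part)
    sig = hmac.new(k, to_sign.encode(), hashlib.sha256).hexdigest()
    return f"https://{host}{path}?{query}&X-Amz-Signature={sig}"
```

Because the signature covers the method and the full object path, a URL issued for one folder cannot be edited to write into another; the short `expires` value limits how long a leaked URL stays usable.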
