Reputation: 408
How to access AWS S3 Objects in a secure way
What is the recommended way to let users access files that are stored on AWS S3?
I've currently found two ways:
- using the access key ID and secret access key
- making the whole bucket public and then accessing the files thru a public link.
Both options aren't really satisfying. Either I reveal the access/secret keys or all files are publicly available. Is there another third more secure way?
The software, that needs access to S3, will be running on Raspberry Pis. I was thinking of encrypting the credentials file, so a user wouldn't be able to read it easily.
Upvotes: 0
Views: 773
Answers (1)
Reputation: 723
The first thing is, to create a new individual AWS user with access key ID and secret for your project with and give the individual S3 permission to that user. Don't use admin credentials for a project. Every project should have a particular AWS user with its credentials and permissions. The second thing is, to rotate keys. So you create a new key with an old one and delete old key. More about rotation you can refer to Managing Access Keys for IAM Users documentation. Indeed, you can also encrypt it and AWS has the service AWS KMS. You can make research in AWS KMS service, it is a great tool for encryption. You can even encrypt your application vulnerable secret keys or passwords.
Upvotes: 1
Related Questions
- Get publicly accessible contents of S3 bucket without AWS credentials
- Pulling data from S3 using an address and access key from Python
- Access S3 files on cloud
- AWS: Provide a limited and secure access to S3 object
- S3 authentication via EC2 without passing AWS Access Key & Secret key in code or storage
- How to get access to data storage on Amazon S3 using access key, secret key and working bucket ID?
- AWS S3 Data Protection Using Client-Side Encryption
- How to make s3 bucket public in python
- How to setup AWS Credentials in Python
- Securely displaying images with Amazon S3 in Python