S3 Granular access

1

How can I give Granular access to different users of a single s3 bucket? For the use case, let's assume that multiple users use a common S3 bucket to store files. Users can access & download files from the bucket. But how can I ensure that a user is not able to access another user's files? Also if the user base increases to a million how can I dynamically allow users to store & download files with full privacy(each file created is associated with a particular user only)?

3개 답변
0

If you're ok with using folders (prefixes) for each user instead of individual files - then this link (https://aws.amazon.com/premiumsupport/knowledge-center/iam-s3-user-specific-folder/) might help.

AWS
AWS_Or
답변함 2년 전
0

NirvaShare could be a solution. Check the marketplace app at https://aws.amazon.com/marketplace/pp/prodview-hcqszucfxsvye

답변함 한 달 전
0

Normally I'd suggest that you start by looking at Bucket Policies because you can control access by user. But the bucket policy has a size limit (20kB) so you'll quickly run into issues there once you hit a reasonable number of users.

You don't say what authentication method you're using. Even though bucket policies aren't going to work, they assume that you're using IAM to authenticate and that is not going to scale given the number of users you're talking about.

Personally, I think you're going to have to build something custom as an overlay to S3 which authenticates the users and controls access; and I also think that you're going to need to use more than one bucket (maybe).

However, this is a detailed, nuanced and large topic. I'd strongly encourage you to reach out to your local AWS Solutions Architect to discuss what your options are here.

Edit April 2024: Check out this re:Invent video which talks to solving large scale data access problems with S3.

profile pictureAWS
전문가
답변함 2년 전

로그인하지 않았습니다. 로그인해야 답변을 게시할 수 있습니다.

좋은 답변은 질문에 명확하게 답하고 건설적인 피드백을 제공하며 질문자의 전문적인 성장을 장려합니다.

질문 답변하기에 대한 가이드라인

관련 콘텐츠