Separate account access for Amazon S3 storage?

fuzzybabybunny

Moderator, Digital & Video Cameras
I want to host files using Amazon's S3. Currently what I like about my regular FTP host is that I can create a new user and give that user access only to a certain subdirectory.

Ex.
Username: contractor
FTP: only given access to /www/contractor_documents/

The user doesn't have access to any other directories except for this one.

Is there a way to do this with S3?

Ex.

In my bucket I have a Photos and Videos directory. The photographer can access the Photos directory, but not the Videos directory.
 
There may be some 3rd party apps along the lines of what you are doing, but be prepared to pay more than what Amazon is charging.

My company did something similar using Azure storage, for companies to share streaming videos with clients. Setting up and keeping track of all the pass through validation was a pain, there is no way around it. The problem with cloud storage is you don't know what server, or even what data center, the cloud provider might use to serve up your content.

You might get lucky and find some open source projects that are heading in that direction. But last I checked, anything out there trying to do this was very rough and was likely a year or more away from being fire up and go ready.
 
"Bucket Explorer" Team Edition has a way to set up different rights for different users using its own account system instead of Amazon's
http://www.bucketexplorer.com/

For raw S3, you can create limited sub-accounts and only give them read-write access to a specific bucket instead of all of your storage. That's an entire bucket though not just one folder in it.

"CrossFTP" can make that bucket look like FTP storage.
http://www.crossftp.com/
 
Thanks, I'll look into it. Right now it seems like the easiest way to do this is just go register a ton of different buckets and assign a different account to each bucket. The downside being that the buckets are completely independent of each other and don't share the same directory structure at all. Is that what you're getting at?

Or maybe a layman's walkthrough would be nice.
 
I looked at the various different types of explorer apps and I can't justify purchasing a copy of the software for each of my employees just to use Amazon.

I have an S3 account with buckets named Paragon_Media_Share and Paragon_Photographer

I go into the IAM Dashboard and create a new group called Photographers. I want them to only access the Paragon_Photographer bucket.

My policy:

Code:
{
  "Statement": [
    {
      "Action": [
        "s3:ListAllMyBuckets"
      ],
      "Effect": "Allow",
      "Resource": "arn:aws:s3:::*"
    },
    {
      "Action": "s3:*",
      "Effect": "Allow",
      "Resource": ["arn:aws:s3:::Paragon_Photographer", "arn:aws:s3:::Paragon_Media_Photographer/*"]
    }
  ]
}

I create a Photographer user, put it into the Photographer Group, record the secret key and the access key, put them into CloudBerry, and I can connect and see the contents of the bucket, but I get Access Denied every time I try and upload anything.

WTF?
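Why the policy in the post above lists the bucket but refuses uploads, as an added example that is not part of the thread: S3 authorizes listing against the bucket ARN and uploads against the object ARN, and the posted object ARN names `Paragon_Media_Photographer`, not `Paragon_Photographer`, so no Allow matches a `PutObject`. The evaluator is a simplified model of IAM matching, and `PREFIX_SCOPED`, the `Photos/` and `Videos/` keys and the file names are constructed assumptions showing folder-level scoping inside one bucket.

```python
import re

def _match(pattern, value, ignore_case=False):
    """IAM-style wildcard match: '*' is any run of characters, '?' exactly one."""
    rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    flags = re.DOTALL | (re.IGNORECASE if ignore_case else 0)
    return re.fullmatch(rx, value, flags) is not None

def _as_list(x):
    return x if isinstance(x, list) else [x]

def is_allowed(policy, action, resource):
    """Simplified check: explicit Deny wins, then any Allow, otherwise implicit deny.
    Conditions, principals and NotAction/NotResource are not modelled."""
    allowed = False
    for st in policy["Statement"]:
        if not any(_match(a, action, True) for a in _as_list(st["Action"])):
            continue
        if not any(_match(r, resource) for r in _as_list(st["Resource"])):
            continue
        if st["Effect"] == "Deny":
            return False
        allowed = True
    return allowed

# The policy exactly as posted: the bucket ARN and the object ARN name different buckets.
POSTED = {"Statement": [
    {"Action": ["s3:ListAllMyBuckets"], "Effect": "Allow", "Resource": "arn:aws:s3:::*"},
    {"Action": "s3:*", "Effect": "Allow",
     "Resource": ["arn:aws:s3:::Paragon_Photographer",
                  "arn:aws:s3:::Paragon_Media_Photographer/*"]},
]}

# Constructed alternative (assumption): one bucket, object access limited to Photos/.
# Limiting the listing to Photos/ too needs an s3:prefix condition (not modelled here).
PREFIX_SCOPED = {"Statement": [
    {"Action": "s3:ListBucket", "Effect": "Allow",
     "Resource": "arn:aws:s3:::Paragon_Photographer"},
    {"Action": ["s3:GetObject", "s3:PutObject"], "Effect": "Allow",
     "Resource": "arn:aws:s3:::Paragon_Photographer/Photos/*"},
]}

BUCKET = "arn:aws:s3:::Paragon_Photographer"
for name, pol in (("posted", POSTED), ("prefix-scoped", PREFIX_SCOPED)):
    print(name,
          "list:", is_allowed(pol, "s3:ListBucket", BUCKET),
          "put Photos/a.jpg:", is_allowed(pol, "s3:PutObject", BUCKET + "/Photos/a.jpg"),
          "put Videos/b.mp4:", is_allowed(pol, "s3:PutObject", BUCKET + "/Videos/b.mp4"))
```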
 