Amazon S3 Access Management:
An S3 bucket holds many data files, or objects: some are for the public, some are abstract, some are protected, and some are private. We cannot create a separate bucket for each of these access levels, but we can write an access management policy for the bucket where the data is stored and so control access from outside sources. This practice is known as Amazon S3 Access Management. Each bucket has its own access policy, where we decide which object is served for which request and which is not.
Amazon S3 Bucket for Static Hosting (Client Side Script)
When an S3 bucket is configured for website hosting, the bucket is assigned a URL. When requests are made to this URL, Amazon S3 returns the HTML file, known as the root object, that was set for the bucket.
Amazon S3 Bucket Policy
For others to access the S3 bucket, or specific objects in it, permissions must be configured to allow that access. A bucket policy can be created to configure these permissions.
A bucket policy defines who can access the bucket and what type of operations can be performed. Bucket policies are written in JSON format.
Amazon S3 Resources Management with Access Policies
By default, newly created resources are private, i.e. only the resource owner or AWS account holder can access them.
What if others want to access it?
When any other person tries to access private resources, AWS reviews the bucket access policies and does not allow it.
But if the resource owner or AWS account owner edits the access policies, all authorised users can access the resources and perform the authorised tasks mentioned in the access policies.
Access Policies
|=> Resource Policies
|   |=> Bucket Policies
|   |=> Access Control List (ACL)
|=> User Policies => IAM User
Resource Policies
Bucket Policies : (Recommended to use)
Bucket policies are JSON-format policies used to manage access control over resources, specifically access to buckets. When a request comes from any arbitrary IP or user, Amazon validates it against the S3 bucket policies before giving any type of operational access to the bucket or its objects.
Query string authentication : Time limited and Request limited access
ACLs (Access Control Lists): (legacy Access Management Service)
These lists are written in XML and are used to validate access for a request: if the request URL is present in the list, access is allowed within the prescribed limits.
Amazon ACLs are important access policies that are always automatically associated with newly created objects and S3 buckets. ACLs help improve security and access control: by default, on object or bucket creation, all services can be accessed by the root user and the bucket owner.
USER ACCESS POLICIES:
They simply control who has access to your resources and are written in JSON format.
AWS IAM (Identity and Access Management) : (Recommended)
AWS IAM is the recommended user policy mechanism. The AWS account owner designs it to give other users access to certain or all services. When a request comes in, AWS first validates the access policies; if there is an IAM user policy and the requesting user matches it, AWS gives the IAM user access to the services and resources written in the policy. It is designed in JSON format.
* => Represents ALL, as in SQL
Resource Policies | User Policies
Bucket Policies | IAM Users
Access Control List |