I currently use AWS S3 buckets to store backup files.
I will start a project where I will store more sensitive data and, consequently, backups will also have such sensitive data.
I use the access manager (IAM) to create a user with programmatic access (ID and secret key), to only access with the specific service (S3, SES and etc.).
However, that same user, having the permission to use the services of AWS S3 will be able to see ALL BUCKETS that I have in that account.
Thus, if a project whose "lighter" security is compromised, AWS S3 access data for the compromised project may allow unwanted people to access the bucket with sensitive data.
As I read the AWS documentation ([login to view URL], there are other links with more details about my need) I realized that there is a possibility to insert some access policies in the bucket.
Create an AWS S3 access policy where I can edit so that, in the specific bucket where this rule will be inserted, only the programmatic user created and (logically) the user root (account owner) will be able to see, edit and etc. the bucket specific.
Other programmatic users that, by chance, exist (or will exist) will not be able to see or open such a bucket.
This ‘model’ rule will be used in other projects that I manage. Soon the stop needs to work when I change the programmatic users who will have access.
At the end, I think it prudent that the contracted professional should also assist / teach me to:
- Guide on audit mechanisms to validate access;
- Guidance on the allocation of access policies.
Project budget: 50 USD
11 freelancer đang chào giá trung bình $123 cho công việc này
Hi, I have 4 years of experience in Linux system admin and aws services. I will create s3 bucket policy as you describe. Please discuss to start. Thank you
I am AWS Certified Architect and securing cloud is one of specialization. Well versed in implementing secure bucket access and audit/ compliance requirement implementation.