Recommandé
Recommandé
Contenu connexe
Similaire à Amazon s3 access control
Similaire à Amazon s3 access control (20)
Dernier
Dernier (20)
Amazon s3 access control
- 2. Scenario 1 Hey~ What’s up~ Let me show something for you. 18 WTF !! People want share something interest with each others.
- 3. Scenario 2 Here’s attachment for your reference. ok~ thanks~ Office workers need share information to the customer or colleague.
- 4. Scenario 3 ABC Inc. Put Get Put Get Put Get Put Get Put Get Administrator needs to assign permission to someone.
- 5. User story 1 As a guest or blocked-user, I can't do anything with file. As a user, I can download file from S3. As a user, I can upload file to S3.
- 6. User story 2 As a Group-user, I can download file in my group. As a Group-user, I can upload file in my group.
- 7. User story 3 As a Group Admin, I can assign download permission to user who is in my group. As a Group Admin, I can take back the download permission from user who is in my group.
- 8. User story 4 As a Group Admin, I can assign download permission to user who is in my group. As a Group Admin, I can take back the download permission from user who is in my group.
- 9. User story 5 As a Group Admin, I can assign upload permission to user who is in my group. As a Group Admin, I can take back upload permission form user who is in my group.
- 10. User story 6 As a user in Chat-room, I can upload file to others in same chatroom. As a user in Chat-room, I can download file from others in same chatroom.
- 11. Limitation Groups per AWS account: 100 Users per AWS account: 5000 Number of groups per user: 10 Roles per AWS account: 250
- 12. Solution Classifying the user and group When download or Upload… Use IAM (Identify and Access Management) Use Query String Authentication
- 13. Classifier ● Guest / Blocked User ● Normal User ● Group assigned Download user ● Group assigned Upload user ● Group Administrator ● Chat-room User
- 14. Query String Authentication 1. Create a query. 2. Specify an expiration time for the query. 3. Sign it with your signature. 4. Distribute the request to a user or embed the request in a web page.
- 15. IAM (Identity and Access Management) ● Identity AWS User AWS Group ● Access Management Get, Put, Delete, List Version, Policy, Payment
- 16. Example 1 As a user, I can download file from S3.
- 18. GeneratePresignedUrlRequest generatePresignedUrlRequest = new GeneratePresignedUrlRequest(bucketName,keyname); generatePresignedUrlRequest.setMethod( ttpMethod.GET); H generatePresignedUrlRequest.setExpiration( new Date(System.currentTimeMillis() + (long)(1000 * 60 * 60)); AmazonS3Client s3Client = new AmazonS3Client(new BasicAWSCredentials(CCESS_KEY, SECRET_ACCESS_KEY)); A URL urlForGet = s3Client.generatePresignedUrl(generatePresignedUrlRequest);
- 19. Example 2 As a user, I can upload file to S3.
- 21. GeneratePresignedUrlRequest generatePresignedUrlRequest = new GeneratePresignedUrlRequest(bucketName,keyname); generatePresignedUrlRequest.setMethod( ttpMethod.PUT); H generatePresignedUrlRequest.setExpiration( new Date(System.currentTimeMillis() + (long)(1000 * 60 * 60)); AmazonS3Client s3Client = new AmazonS3Client(new BasicAWSCredentials(CCESS_KEY, SECRET_ACCESS_KEY)); A URL urlForPut = s3Client.generatePresignedUrl(generatePresignedUrlRequest);
- 22. END