Durch die Nutzung von AWS re:Post stimmt du den AWS re:Post Nutzungsbedingungen
AWS re:Postre:Post

IAM and S3 How to secure

0

I have created a Group (as WEB Admin), couple of uses with Admin and a S3 configured for WEB.

Would it be a good security practice if I give the Users Full S3 permissions? If I do so, in which way could I track what they do, and to configure same, perhaps via CloudTrail?

If the above is not a recommended, based on security, what would be the best way to grant those lease permissions, to the Users and the S3 Bucket?

If you could some Json examples along with technical guidelines would be appreciated.

Themen
Management & Unternehmensführung
Tags
AWS Kontoverwaltung
Sprache
English
Denzil777
gefragt vor 4 Monaten224 Aufrufe
2 Antworten
1
Akzeptierte Antwort

I personally would not issue full S3 permissions - if an outside actor gained access to someone's credentials you might have a bad time. You could monitor them using CloudTrail, Athena queries and even Guard Duty.

Please review the official Security Best Practices for S3 here: https://docs.aws.amazon.com/AmazonS3/latest/userguide/security-best-practices.html

profile pictureAWS
EXPERTE
David
beantwortet vor 4 Monaten
profile picture
EXPERTE
Gary Mclean
überprüft vor 4 Monaten
0

Hello David,

Thank you and appreciate that. I am novice and since I have no knowledge in JSON, I found it a bit hard and complex to understand everything explain in that document.

Would there be a more simple way, please?

Denzil777
beantwortet vor 4 Monaten

Du bist nicht angemeldet. Anmelden um eine Antwort zu veröffentlichen.

Eine gute Antwort beantwortet die Frage klar, gibt konstruktives Feedback und fördert die berufliche Weiterentwicklung des Fragenstellers.

Richtlinien für die Beantwortung von Fragen

Relevanter Inhalt