En utilisant AWS re:Post, vous acceptez les AWS re:Post Conditions d’utilisation
AWS re:Postre:Post

IAM and S3 How to secure

0

I have created a Group (as WEB Admin), couple of uses with Admin and a S3 configured for WEB.

Would it be a good security practice if I give the Users Full S3 permissions? If I do so, in which way could I track what they do, and to configure same, perhaps via CloudTrail?

If the above is not a recommended, based on security, what would be the best way to grant those lease permissions, to the Users and the S3 Bucket?

If you could some Json examples along with technical guidelines would be appreciated.

Sujets
Gestion et gouvernance
Balises
AWS Account Management
Langue
English
Denzil777
demandé il y a 4 mois224 vues
2 réponses
1
Réponse acceptée

I personally would not issue full S3 permissions - if an outside actor gained access to someone's credentials you might have a bad time. You could monitor them using CloudTrail, Athena queries and even Guard Duty.

Please review the official Security Best Practices for S3 here: https://docs.aws.amazon.com/AmazonS3/latest/userguide/security-best-practices.html

profile pictureAWS
EXPERT
David
répondu il y a 4 mois
profile picture
EXPERT
Gary Mclean
vérifié il y a 4 mois
0

Hello David,

Thank you and appreciate that. I am novice and since I have no knowledge in JSON, I found it a bit hard and complex to understand everything explain in that document.

Would there be a more simple way, please?

Denzil777
répondu il y a 4 mois

Vous n'êtes pas connecté. Se connecter pour publier une réponse.

Une bonne réponse répond clairement à la question, contient des commentaires constructifs et encourage le développement professionnel de la personne qui pose la question.

Instructions pour répondre aux questions

Contenus pertinents