Usando AWS re:Post, accetti AWS re:Post Termini di utilizzo
AWS re:Postre:Post

IAM and S3 How to secure

0

I have created a Group (as WEB Admin), couple of uses with Admin and a S3 configured for WEB.

Would it be a good security practice if I give the Users Full S3 permissions? If I do so, in which way could I track what they do, and to configure same, perhaps via CloudTrail?

If the above is not a recommended, based on security, what would be the best way to grant those lease permissions, to the Users and the S3 Bucket?

If you could some Json examples along with technical guidelines would be appreciated.

Argomenti
Gestione e amministrazione
Tag
Gestore account AWS
Lingua
English
Denzil777
posta 4 mesi fa224 visualizzazioni
2 Risposte
1
Risposta accettata

I personally would not issue full S3 permissions - if an outside actor gained access to someone's credentials you might have a bad time. You could monitor them using CloudTrail, Athena queries and even Guard Duty.

Please review the official Security Best Practices for S3 here: https://docs.aws.amazon.com/AmazonS3/latest/userguide/security-best-practices.html

profile pictureAWS
ESPERTO
David
con risposta 4 mesi fa
profile picture
ESPERTO
Gary Mclean
verificato 4 mesi fa
0

Hello David,

Thank you and appreciate that. I am novice and since I have no knowledge in JSON, I found it a bit hard and complex to understand everything explain in that document.

Would there be a more simple way, please?

Denzil777
con risposta 4 mesi fa

Accesso non effettuato. Accedi per postare una risposta.

Una buona risposta soddisfa chiaramente la domanda, fornisce un feedback costruttivo e incoraggia la crescita professionale del richiedente.

Linee guida per rispondere alle domande

Contenuto pertinente