Working with large image files in Lake Formation

0

I need to use Lake Formation LF-TAG permissions to control access to a group of large [image] files stored in S3. I created a governed table in Lake Formation to keep all image metadata, including the S3 paths to the images themselves. I configured LF-TAGs to provide a restricted user with access to this metadata table and its content.

However, I can't figure out how to configure LF-TAG permissions to control access to the image objects (files) located in S3. Is it possible to use LF-TAGs to control access to non-tabular data at all?

1 Answer
0
Accepted Answer

So I would answer this by noting that you are trying to leverage LF-TBAC to control access to files in S3. This is where I would look into the specifics of how to provide granular access to objects/files/prefixes within S3 specifically.

Here is a specific workshop that you could potentially use to find a method to do it: https://catalog.workshops.aws/applying-abac/en-US/module1/01architecture. If it works out, I think that would be a great blog item to talk about!

Please let me know if this answer provided you some benefit by marking it as accepted, and do come back to see if you found a way to unite S3 ABAC to LF-TBAC.

D G
answered a year ago
  • Hi D.G.

    Thank you for a prompt response - this is a cool idea to combine LF-TBAC and ABAC. I'll try to implement a small POC and share my solution with you.

    However, I just wonder if Lake Formation implements something similar - IMHO my use case is quite a standard one.

    Thank you Stas

  • Yeah, I think you could somehow "merge" the tag application so from an IAM perspective least privilege is attained, but on the LF-TBAC the object level is also provided. Think of it like an ABAC sandwich between IAM and LF.
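
One way to express the S3 side of the ABAC approach suggested in the answer, as an added example that is not part of the original thread or the linked workshop: an IAM identity policy that allows `s3:GetObject` only when each object tag equals the caller's principal tag of the same key. The bucket name, prefix and tag keys are assumptions (the keys are assumed to mirror the LF-Tag keys on the metadata table), and `would_allow_read` is a simplified local model of the condition, not a full IAM evaluation.

```python
import json

# Assumed names (not from the original thread): bucket, prefix and tag keys.
BUCKET = "example-image-bucket"
PREFIX = "images/"
TAG_KEYS = ["classification", "project"]  # assumed to mirror the LF-Tag keys


def build_image_abac_policy(bucket, prefix, tag_keys):
    """IAM identity policy: allow GetObject only when every listed object tag
    equals the caller's principal tag of the same key."""
    match = {
        f"s3:ExistingObjectTag/{k}": f"${{aws:PrincipalTag/{k}}}" for k in tag_keys
    }
    obj_arn = f"arn:aws:s3:::{bucket}/{prefix}*"
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Sid": "ReadImagesWhenTagsMatch", "Effect": "Allow",
             "Action": "s3:GetObject", "Resource": obj_arn,
             "Condition": {"StringEquals": match}},
            # Readers must not be able to retag objects into their own scope.
            {"Sid": "DenyRetagging", "Effect": "Deny",
             "Action": ["s3:PutObjectTagging", "s3:DeleteObjectTagging"],
             "Resource": obj_arn},
        ],
    }


def would_allow_read(policy, principal_tags, object_tags):
    """Simplified local model of the Allow statement's condition only:
    every key must be present on both sides and the values must be equal."""
    cond = policy["Statement"][0]["Condition"]["StringEquals"]
    for ctx_key in cond:
        tag = ctx_key.split("/", 1)[1]
        if tag not in principal_tags or tag not in object_tags:
            return False  # unresolved variable or untagged object: no match
        if principal_tags[tag] != object_tags[tag]:
            return False
    return True


if __name__ == "__main__":
    policy = build_image_abac_policy(BUCKET, PREFIX, TAG_KEYS)
    print(json.dumps(policy, indent=2))
    analyst = {"classification": "internal", "project": "atlas"}  # constructed
    print(would_allow_read(policy, analyst, dict(analyst)))
    print(would_allow_read(policy, analyst, {**analyst, "classification": "restricted"}))
```

Untagged objects and principals without the tag fail the condition, so access is closed by default until both sides are tagged.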
