IAM and S3 How to secure

I have created a Group (as WEB Admin), couple of uses with Admin and a S3 configured for WEB.

Would it be a good security practice if I give the Users Full S3 permissions? If I do so, in which way could I track what they do, and to configure same, perhaps via CloudTrail?

If the above is not a recommended, based on security, what would be the best way to grant those lease permissions, to the Users and the S3 Bucket?

If you could some Json examples along with technical guidelines would be appreciated.

주제

관리 및 거버넌스

태그

AWS 계정 관리

언어

English

Denzil777

질문됨 4달 전224회 조회

2개 답변

최신
최다 투표
가장 많은 댓글

수락된 답변

I personally would not issue full S3 permissions - if an outside actor gained access to someone's credentials you might have a bad time. You could monitor them using CloudTrail, Athena queries and even Guard Duty.

Please review the official Security Best Practices for S3 here: https://docs.aws.amazon.com/AmazonS3/latest/userguide/security-best-practices.html

전문가

David

답변함 4달 전

전문가

Gary Mclean

검토됨 4달 전

Hello David,

Thank you and appreciate that. I am novice and since I have no knowledge in JSON, I found it a bit hard and complex to understand everything explain in that document.

Would there be a more simple way, please?

Denzil777

답변함 4달 전

David 전문가
4달 전
I wouldn't say there is a simple way - but this walkthrough/tutorial should be very helpful: https://docs.aws.amazon.com/AmazonS3/latest/userguide/walkthrough1.html

IAM and S3 How to secure

관련 콘텐츠