S3 Granular access
How can I give Granular access to different users of a single s3 bucket? For the use case, let's assume that multiple users use a common S3 bucket to store files. Users can access & download files from the bucket. But how can I ensure that a user is not able to access another user's files? Also if the user base increases to a million how can I dynamically allow users to store & download files with full privacy(each file created is associated with a particular user only)?
Normally I'd suggest that you start by looking at Bucket Policies because you can control access by user. But the bucket policy has a size limit (20kB) so you'll quickly run into issues there once you hit a reasonable number of users.
You don't say what authentication method you're using. Even though bucket policies aren't going to work, they assume that you're using IAM to authenticate and that is not going to scale given the number of users you're talking about.
Personally, I think you're going to have to build something custom as an overlay to S3 which authenticates the users and controls access; and I also think that you're going to need to use more than one bucket (maybe).
However, this is a detailed, nuanced and large topic. I'd strongly encourage you to reach out to your local AWS Solutions Architect to discuss what your options are here.
If you're ok with using folders (prefixes) for each user instead of individual files - then this link (https://aws.amazon.com/premiumsupport/knowledge-center/iam-s3-user-specific-folder/) might help.
Relevant questions
AppStream 2.0 - Access Control for different users and monitoring
Accepted Answerasked 3 years agoCan an Glue Crawler use a S3 Lambda Access Point as a data store?
asked 7 days agoCan I control WEB (not admin) users access to specific folders on my static S3 website?
asked 13 days agoCan I use CloudFront to serve Amazon S3-Infrequent Access or Amazon S3 Glacier objects?
Accepted Answerasked 2 years agounable to access S3 log files owned by "s3-log-service"
asked 3 years agoS3 Granular access
asked 15 days agoCorrect process for configuring S3 bucket so ONLY Cloudfront can access?
asked 3 years agoGive employee access to S3.
asked 6 months agoHow do I share Amazon S3 files with users who don't have AWS Management Console access?
Accepted Answerasked 2 years agoEnable Cognito-authenticated users to access S3 bucket
asked 4 months ago