How to validate my service can upload to another account's S3 bucket?

0

Hello,

One of our services is uploading files to customer's buckets using STS. As we are changing our process to retrieve STS tokens, we want to validate that uploads will continue working, and we were wondering if there are ways to validate that uploads would still work with the new process without uploading (like a dry-run upload). Because part of the permissions can be set on the customer's AWS account that we might not know of or might ignore with our current process, the uploads could fail with the new process. So we are going to try to upload with the new process and fall back to the current one if the upload fails, but we were wondering if there was a dry-run upload or validate-permissions method we could use instead.

Thank you.

3 Answers
0

Greetings,

Yes, there are a few ways to test whether your new process for retrieving STS tokens will work with your current file uploading process, without actually uploading files. Here are some options:

Use the AWS CLI to simulate an upload: You can use the AWS CLI's s3api put-object command to simulate an upload to an S3 bucket. This command doesn't actually upload a file, but it does send the necessary API calls to S3 to check if the specified credentials have permission to write to the bucket.

Use a test bucket: You can create a test S3 bucket and use it to test your new process for retrieving STS tokens. You can upload a small test file to this bucket to confirm that the new process is working correctly.

Use the Amazon S3 API to check permissions: You can use the s3:ListBucket and s3:PutObject actions in the AWS IAM policy to check if the STS credentials have the necessary permissions to upload files to the bucket. You can use the AWS SDK for your preferred programming language to write a script that checks these permissions and alerts you if they are missing.

Use a policy simulator: The AWS IAM policy simulator allows you to test the effects of IAM policies on specific API calls to AWS services, including S3. You can use the policy simulator to test the permissions granted by your STS token retrieval process and make sure they are sufficient for uploading files to the customer's bucket.

These methods can help you ensure that your new process for retrieving STS tokens will work with your current file uploading process, and can help you identify any permission issues that might cause the uploads to fail.

Please let me know if this answered your question.

AWS
EXPERT
ZJon
answered a year ago
  • Please let me know if we answered your question

0

Check the response code received by the service which initiates the request to upload the file to S3. Status code 200 is success. Please find the other response codes, which you can check as per your business need.

https://access.redhat.com/documentation/en-us/red_hat_ceph_storage/4/html/developer_guide/s3-common-response-status-codes_dev

Biswa
answered a year ago
0

Yes, there is a --dry-run option on the AWS CLI. So, you could run the command to validate your side, but your partner would also need to run the command from their side. There is also the Policy Simulator.

AWS
EXPERT
kentrad
answered a year ago
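
A write-then-delete probe and the try-new-then-fall-back upload described in the question, as an added example that is not part of any answer above. It assumes `s3`, `new_s3` and `current_s3` are boto3 S3 clients built from the respective STS credentials; the function names, the canary key name and the set of error codes treated as permission failures are choices of this example.

```python
import uuid

# Codes treated as credential/permission failures rather than transient
# faults. This grouping is an assumption of the example.
AUTH_CODES = {"AccessDenied", "ExpiredToken", "InvalidAccessKeyId",
              "InvalidToken", "SignatureDoesNotMatch"}


def error_code(exc):
    """Return the S3 error code from a botocore-style ClientError, else None."""
    response = getattr(exc, "response", None) or {}
    return response.get("Error", {}).get("Code")


def probe_upload(s3, bucket, prefix, extra_args=None):
    """Write then delete a zero-byte canary; returns (ok, code, cleaned_up)."""
    # Use the real upload prefix and the production extra_args (for example
    # ServerSideEncryption or ACL): bucket policies can condition on both.
    base = prefix.rstrip("/")
    name = f".upload-probe-{uuid.uuid4().hex}"
    key = f"{base}/{name}" if base else name
    try:
        s3.put_object(Bucket=bucket, Key=key, Body=b"", **(extra_args or {}))
    except Exception as exc:
        code = error_code(exc)
        if code is None:
            raise  # not an S3 API error (network, bug): do not mask it
        return False, code, False
    try:
        s3.delete_object(Bucket=bucket, Key=key)
    except Exception as exc:
        if error_code(exc) is None:
            raise
        return True, None, False  # write works, delete was not granted
    return True, None, True


def upload_with_fallback(new_s3, current_s3, bucket, key, body, extra_args=None):
    """Upload with the new credentials; fall back only on auth-type errors."""
    args = dict(Bucket=bucket, Key=key, Body=body, **(extra_args or {}))
    try:
        new_s3.put_object(**args)
        return "new", None
    except Exception as exc:
        code = error_code(exc)
        if code not in AUTH_CODES:
            raise  # throttling, missing bucket, etc. are not a credential issue
    current_s3.put_object(**args)
    return "current", code
```

Logging the returned path and error code per customer bucket shows which accounts still depend on the current token process before it is retired.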
