0

I have a server, which should provide temporary credentials to the client. The credentials will be transmitted using HTTPS.

The client should be able to upload S3 files, as well as download them. The concern I have is the following:

I have multiple users accessing ONLY their own directory: /Users/someUser/myfile.png

You can set policies to allow or deny S3 in general, but you can't grant only the access to a specific path.

Is this secure?

IluTov
  • If they're ONLY accessing their own directory, then it seems you have granted access to only that path. Is that not what you're saying? – rofls Nov 07 '12 at 08:15
  • I have found the answer. Take a look: http://stackoverflow.com/questions/13181996/temporary-credentials-using-aws-iam – IluTov Nov 26 '12 at 13:19

1 Answer

1

If I understand correctly you are generating IAM logins on your server and providing them to the client for them to access S3 directly. If that is the case then no; it is not secure as these users would be able to access all of your S3 resources.

You could use bucket policies to set per-user permissions, but those would have to be edited/created automatically by your server at the time the IAM logins were created, since the ARNs wouldn't be known in advance.

If they are authenticating only to your server and your server is managing the S3 connection then the S3 portion is probably ok and the main concerns would be the security on the server itself.

Nathan V
  • I have found the answer, sorry I didn't post it earlier. I'm not an active member on security.stackexchange.com. Thanks – IluTov Nov 26 '12 at 13:20
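
The per-user restriction discussed in this thread, as an added example that is not part of the original question, answer or comments: a server-side helper that builds a policy document limiting a client to `Users/<username>/`, suitable for passing as the `Policy` parameter when the server requests temporary credentials from STS (for example with `GetFederationToken`). The bucket name `example-bucket`, the function names and the allowed username alphabet are assumptions made for illustration.

```python
import json
import re

# Assumption: usernames are restricted to this alphabet so a name can never
# contain "/", IAM wildcards ("*", "?") or policy-variable syntax ("${...}").
_SAFE_USERNAME = re.compile(r"[A-Za-z0-9_.-]{1,64}")


def build_user_policy(bucket: str, username: str) -> dict:
    """Return a policy limiting S3 access to Users/<username>/ in `bucket`."""
    if not _SAFE_USERNAME.fullmatch(username) or username in (".", ".."):
        raise ValueError(f"unsafe username: {username!r}")
    prefix = f"Users/{username}/"
    return {
        "Version": "2012-10-17",
        "Statement": [
            {   # Upload and download, but only for keys under the user's prefix.
                "Sid": "ObjectsInOwnDirectory",
                "Effect": "Allow",
                "Action": ["s3:GetObject", "s3:PutObject"],
                "Resource": f"arn:aws:s3:::{bucket}/{prefix}*",
            },
            {   # Listing is a bucket-level action, so it is scoped by condition.
                "Sid": "ListOwnDirectory",
                "Effect": "Allow",
                "Action": "s3:ListBucket",
                "Resource": f"arn:aws:s3:::{bucket}",
                "Condition": {"StringLike": {"s3:prefix": f"{prefix}*"}},
            },
        ],
    }


def policy_json(bucket: str, username: str) -> str:
    """Serialize compactly; the server passes this string as the `Policy`
    parameter of the STS call that issues the temporary credentials."""
    return json.dumps(build_user_policy(bucket, username), separators=(",", ":"))


if __name__ == "__main__":
    # Constructed sample values, matching the path layout in the question.
    print(policy_json("example-bucket", "someUser"))
```

The resulting temporary credentials are limited to what both this policy and the issuing identity's own policy allow, so the long-term credentials stay on the server and each client can reach only its own prefix.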