Our company has software stored in folders in an Amazon S3 bucket, this software needs to be downloaded by third party companies. We want to be able to control access to the software by giving out a URL.
I've looked into pre-signed URLs however they expire which is no good because the third parties need permanent access.
Below is a link to a different question in stack overflow: How secure are Amazon AWS Access keys?
The poster (AyKarsi) is using the URL - http://ift.tt/1KCmQ6u access key]&Expires=1433297453&Signature=[this random set of numbers]
His question is sort of answered by Tom Andersen. I tired to flow Tom's steps without the URL expiring:
First I created an IAM User and attached a permissions policy with the following:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "Stmt14350*******0",
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"GetObject"
],
"Resource": [
"arn:aws:s3:::bucket-name/folder-name/*"
]
}
]
}
I then took the access key for this user and placed it in the following URL: http://ift.tt/1N5s7EB
Unfortunately this just returns the error code Access Denied:
<Error>
<Code>AccessDenied</Code>
<Message>Access Denied</Message>
<RequestId>8B394885E81B29A7</RequestId>
<HostId>fpaNduIOIkWGetgWECQMI/mm5rL2GpJ+6P+P5En0LODJDpKWrUwYn+dXbqvgFrb4
</HostId>
</Error>
What is wrong with my method above? Is it possible to do it this way? Finally what method would you use?
Aucun commentaire:
Enregistrer un commentaire