I've read a ton of AWS documentation, and tried dozens of sample configurations, but the only AWS policy I've managed to get working is the one that grants everyone full access to an S3 bucket. This is terrifying.
The single-user full access scenario:
Here's the setup:
- An AWS user, jenkins, who doesn't belong to any groups or roles.
- A server containing the jenkins user's AWS_SECRET_KEY and AWS_ACCESS_KEY.
- A brand new, empty S3 bucket, notes, using default permissions.
The question is whether it is possible to use curl to implement the following operations using the credentials associated with the jenkins user:
- Upload a text file, foo, containing the phrase "hello, world" to notes.
- Download the text file, foo, from notes.
- Fetch a list of all of the files in notes.
What a good solution looks like:
An acceptable solution to my question has the following parts:
- A set of curl commands demonstrating the solution.
- An explanation of any S3 settings (i.e. ACLs) or IAM user/group/role policies and how these damn things are supposed to work.
- [Optional] References to 3rd-party blogs/posts from 2014 onwards containing sound explanations of how these security parts fit together.
However, solutions like "use SDK X" or "download tool Y" are nice, but ultimately unhelpful, and solutions like "what are you really trying to do here, maybe there is an easier way" will be met with a comment referring to this section. Thank you for understanding that I really just want 3 curl statements and an explanation of S3 ACLs and IAM policies for this scenario.