Add an AWS IAM user permission to create new buckets (but not touch existing buckets created by others) and have full access to the Lambda API functions for those buckets
Hello experts
I would like to set up an IAM user and give this user permission to create new buckets other than the previous ones that were already created by others, restrict the user's access to only the new buckets that he will be able to add, and not give him any access to other buckets that were not created by him, in addition to full access to the Lambda functions API for those buckets.
Waiting for your kind advice.
Likely what this means is you'll grant a user an ACL to create new buckets.
Or potentially only new directories/folders inside existing buckets.
The way I think about this, which might be wrong, is that an S3 bucket is like "/", then folders can be created under each S3 root, per ACLs you create.
Aside: I prefer using straight up Linux machines, as all this is understandable + easy to manage.
Caveat: Do be aware, if you... start granting access to your S3 systems, you may get hit with AWS Surprise Bills.
You can search EE about this topic, as it comes up from time to time.
The problem becomes when you give S3 access to someone who's used to working on servers or desktop machines, being unaware of the per-object access fee with S3.
For example, running an IMAP server on a Linux machine will cost $0 extra over monthly hosting, so it is a fixed cost.
If you make the mistake of using an S3 bucket for an IMAP backing store (or any other code which continually walks directories + reads files or meta files), then you'll likely get a surprise bill.
Before you ever give S3 access to anyone, best ensure they understand about AWS/S3 billing... then you review their code to make sure you never get a surprise bill.
ASKER
Kindly, will this policy affect existing buckets? And how can I let him create multiple buckets without mentioning names, as the one who will create the bucket will choose the name, so I am unable to choose a bucket and give the IAM user access to it, as it is not created yet.
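One way to express what the asker wants, as an added example that is not part of the thread or any answer above: IAM cannot grant access to "whatever buckets this user creates later" by ownership, but it can grant access to any bucket whose name matches a pattern. If the user is only allowed to create and use buckets whose names start with a prefix reserved for him, every bucket he creates is covered automatically, and every existing bucket (which does not carry that prefix) stays out of reach because IAM denies by default. The prefix `user-alice-`, the account ID `123456789012` and the role name `lambda-exec-role` are placeholders chosen for this example; the Sid names are arbitrary.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ListBucketNamesForConsole",
      "Effect": "Allow",
      "Action": "s3:ListAllMyBuckets",
      "Resource": "*"
    },
    {
      "Sid": "CreateAndUseOwnPrefixBucketsOnly",
      "Effect": "Allow",
      "Action": "s3:*",
      "Resource": [
        "arn:aws:s3:::user-alice-*",
        "arn:aws:s3:::user-alice-*/*"
      ]
    },
    {
      "Sid": "LambdaFullAccessAsRequested",
      "Effect": "Allow",
      "Action": "lambda:*",
      "Resource": "*"
    },
    {
      "Sid": "PassExecutionRoleToLambdaOnly",
      "Effect": "Allow",
      "Action": "iam:PassRole",
      "Resource": "arn:aws:iam::123456789012:role/lambda-exec-role",
      "Condition": {
        "StringEquals": { "iam:PassedToService": "lambda.amazonaws.com" }
      }
    }
  ]
}
```

What each part does and what to check before attaching it: `s3:CreateBucket` is evaluated against the ARN of the bucket being created, so the second statement lets the user create `user-alice-reports`, `user-alice-backups`, and so on, but a `CreateBucket` call for `shared-data` is denied, as is every read, write or delete on buckets that do not carry the prefix. The first statement only returns bucket names so the console bucket list works; it grants no access to their contents. Before attaching the policy, run `aws s3api list-buckets --query 'Buckets[].Name'` and confirm that no existing bucket already starts with the chosen prefix, since any that did would become reachable. Two caveats a reviewer would raise: `s3:*` on the prefixed buckets includes `s3:PutBucketPolicy` and `s3:PutBucketAcl`, so keep the account-level Block Public Access setting on, or replace `s3:*` with the specific actions the user needs; and `lambda:*` on `*` is literally the "full access" the question asks for, which also covers every other function in the account, so narrow its `Resource` to an ARN pattern such as `arn:aws:lambda:*:123456789012:function:user-alice-*` if the functions can follow the same naming convention. The `iam:PassRole` statement is needed because creating or updating a function requires passing its execution role; scoping it to one role and to the Lambda service keeps the user from handing that role to anything else.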