
S3 bucket


Mr Mirchi


I have to load files into an S3 bucket and give the S3 bucket details to another project's team.. so that they can read the files from the S3 bucket to upload into their DB... each file will be some 100MB....

ARN copied .... what else do I need to give them... I'll google it if I don't get the answer here :)


Just now, Mr Mirchi said:

I have to load files into an S3 bucket and give the S3 bucket details to another project's team.. so that they can read the files from the S3 bucket to upload into their DB... each file will be some 100MB....

ARN copied .... what else do I need to give them... I'll google it if I don't get the answer here :)

First check whether the bucket has any holes in it, bro ....


5 minutes ago, Mr Mirchi said:

I have to load files into an S3 bucket and give the S3 bucket details to another project's team.. so that they can read the files from the S3 bucket to upload into their DB... each file will be some 100MB....

ARN copied .... what else do I need to give them... I'll google it if I don't get the answer here :)

Question.... Are you guys using AWS Organizations?


25 minutes ago, Mr Mirchi said:

I have to load files into an S3 bucket and give the S3 bucket details to another project's team.. so that they can read the files from the S3 bucket to upload into their DB... each file will be some 100MB....

ARN copied .... what else do I need to give them... I'll google it if I don't get the answer here :)

Did you check the IAM roles and security groups for the bucket?

 


10 minutes ago, kevinUsa said:

Did you check the IAM roles and security groups for the bucket?

 

I'm just asking what details I need to give to the other team, that's all.


1 minute ago, Mr Mirchi said:

I'm just asking what details I need to give to the other team, that's all.

You need to give cross-account role access if that team uses a different account.

SOURCE BUCKET POLICY:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "DelegateS3Access",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::DESTINATION_BUCKET_ACCOUNT_NUMBER:root"
            },
            "Action": [
                "s3:ListBucket",
                "s3:GetObject"
            ],
            "Resource": [
                "arn:aws:s3:::SOURCE_BUCKET_NAME/*",
                "arn:aws:s3:::SOURCE_BUCKET_NAME"
            ]
        }
    ]
}

 

DESTINATION IAM USER/ROLE POLICY:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:ListBucket",
                "s3:GetObject"
            ],
            "Resource": [
                "arn:aws:s3:::SOURCE_BUCKET_NAME",
                "arn:aws:s3:::SOURCE_BUCKET_NAME/*"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:ListBucket",
                "s3:PutObject",
                "s3:PutObjectAcl"
            ],
            "Resource": [
                "arn:aws:s3:::DESTINATION_BUCKET_NAME",
                "arn:aws:s3:::DESTINATION_BUCKET_NAME/*"
            ]
        }
    ]
}

 


13 minutes ago, Spartan said:

You need to give cross-account role access if that team uses a different account.

SOURCE BUCKET POLICY:


{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "DelegateS3Access",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::DESTINATION_BUCKET_ACCOUNT_NUMBER:root"
            },
            "Action": [
                "s3:ListBucket",
                "s3:GetObject"
            ],
            "Resource": [
                "arn:aws:s3:::SOURCE_BUCKET_NAME/*",
                "arn:aws:s3:::SOURCE_BUCKET_NAME"
            ]
        }
    ]
}

 

DESTINATION IAM USER/ROLE POLICY:


{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:ListBucket",
                "s3:GetObject"
            ],
            "Resource": [
                "arn:aws:s3:::SOURCE_BUCKET_NAME",
                "arn:aws:s3:::SOURCE_BUCKET_NAME/*"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:ListBucket",
                "s3:PutObject",
                "s3:PutObjectAcl"
            ],
            "Resource": [
                "arn:aws:s3:::DESTINATION_BUCKET_NAME",
                "arn:aws:s3:::DESTINATION_BUCKET_NAME/*"
            ]
        }
    ]
}

 

They don't have any account... they are going to access it for the first time to read files... So basically I need to give them a new IAM user with read access and then the ARN of the bucket..

Question is, do I need to give them the access keys as well?


Just now, Mr Mirchi said:

They don't have any account... they are going to access it for the first time to read files... So basically I need to give them a new IAM user with read access and then the ARN of the bucket..

Question is, do I need to give them the access keys as well?

How are they accessing the S3 bucket?

What will they upload into the DB..? The file names?

If yes, create an IAM user, grant permissions to read objects.. they can use the AWS CLI to get the names and load them into the DB.


3 minutes ago, Mr Mirchi said:

They don't have any account... they are going to access it for the first time to read files... So basically I need to give them a new IAM user with read access and then the ARN of the bucket..

Question is, do I need to give them the access keys as well?

If it is a new department/project, go with “AWS Organizations”... first... before creating an IAM user


1 hour ago, Mr Mirchi said:

I have to load files into an S3 bucket and give the S3 bucket details to another project's team.. so that they can read the files from the S3 bucket to upload into their DB... each file will be some 100MB....

ARN copied .... what else do I need to give them... I'll google it if I don't get the answer here :)

IAM role


2 hours ago, Spartan said:

How are they accessing the S3 bucket?

What will they upload into the DB..? The file names?

If yes, create an IAM user, grant permissions to read objects.. they can use the AWS CLI to get the names and load them into the DB.

I told him the same thing and he tore into me


3 hours ago, Spartan said:

How are they accessing the S3 bucket?

What will they upload into the DB..? The file names?

If yes, create an IAM user, grant permissions to read objects.. they can use the AWS CLI to get the names and load them into the DB.

Not the file names.. they will read the files and store them in their DB in binary format.. some 1900 files... it's just a one-time task..


3 hours ago, Mr Mirchi said:

They don't have any account... they are going to access it for the first time to read files... So basically I need to give them a new IAM user with read access and then the ARN of the bucket..

Question is, do I need to give them the access keys as well?

 

Make sure you have your bucket policy updated with readonly access for that user you've created

   {
            "Id": "bucketPolicy",
            "Statement": [
                    {
                            "Action": "s3:*",
                            "Effect": "Deny",
                            "NotPrincipal": {
                                    "AWS": [
                                            "arn:aws:iam::1234567890:user/alloweduser"
                                    ]
                            },
                            "Resource": [
                                    "arn:aws:s3:::examplebucket",
                                    "arn:aws:s3:::examplebucket/*"
                            ]
                    }
            ],
            "Version": "2012-10-17"
    }
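A static check run over the two bucket policies posted in this thread, added here as an example and not part of any post. It flags a grant to a whole account (`:root`), a `Deny` with `NotPrincipal`, a policy that contains no `Allow`, and `s3:ListBucket` or object actions paired with the wrong kind of resource ARN. The name `lint_policy` and the finding codes are made up for this example.

```python
import json

BUCKET_ACTIONS = {"s3:ListBucket"}                                    # evaluated against the bucket ARN
OBJECT_ACTIONS = {"s3:GetObject", "s3:PutObject", "s3:PutObjectAcl"}  # evaluated against bucket/key ARNs

def as_list(value):
    """Policy elements may be a string or a list; normalise to a list."""
    return value if isinstance(value, list) else [] if value is None else [value]

def lint_policy(policy):
    """Return sorted finding codes for an S3 bucket policy or identity policy."""
    findings = set()
    statements = as_list(policy.get("Statement"))
    if not any(s.get("Effect") == "Allow" for s in statements):
        findings.add("NO_ALLOW")  # deny-only policy: grants nothing by itself
    for s in statements:
        actions = set(as_list(s.get("Action")))
        names = [r.split(":::")[-1] for r in as_list(s.get("Resource"))]
        has_bucket = any(n == "*" or "/" not in n for n in names)
        has_object = any(n == "*" or "/" in n for n in names)
        if s.get("Effect") == "Allow":
            principal = s.get("Principal", {})
            arns = as_list(principal.get("AWS")) if isinstance(principal, dict) else [principal]
            if "*" in arns:
                findings.add("PUBLIC_PRINCIPAL")
            if any(a.endswith(":root") for a in arns):
                findings.add("WHOLE_ACCOUNT_PRINCIPAL")  # any identity that account authorises
            if actions & BUCKET_ACTIONS and not has_bucket:
                findings.add("LIST_WITHOUT_BUCKET_ARN")
            if actions & OBJECT_ACTIONS and not has_object:
                findings.add("OBJECT_ACTION_WITHOUT_OBJECT_ARN")
        elif s.get("Effect") == "Deny":
            if "NotPrincipal" in s:
                findings.add("DENY_NOT_PRINCIPAL")  # denies every principal not listed
            if "s3:*" in actions:
                findings.add("DENY_ALL_S3_ACTIONS")  # blocks reads too, not only writes
    return sorted(findings)

# Inputs: the two bucket policies from the thread, condensed onto fewer lines.
SOURCE_BUCKET_POLICY = json.loads("""{"Version": "2012-10-17", "Statement": [{
  "Sid": "DelegateS3Access", "Effect": "Allow",
  "Principal": {"AWS": "arn:aws:iam::DESTINATION_BUCKET_ACCOUNT_NUMBER:root"},
  "Action": ["s3:ListBucket", "s3:GetObject"],
  "Resource": ["arn:aws:s3:::SOURCE_BUCKET_NAME/*", "arn:aws:s3:::SOURCE_BUCKET_NAME"]}]}""")
DENY_POLICY = json.loads("""{"Version": "2012-10-17", "Id": "bucketPolicy", "Statement": [{
  "Effect": "Deny", "Action": "s3:*",
  "NotPrincipal": {"AWS": ["arn:aws:iam::1234567890:user/alloweduser"]},
  "Resource": ["arn:aws:s3:::examplebucket", "arn:aws:s3:::examplebucket/*"]}]}""")
print(lint_policy(SOURCE_BUCKET_POLICY), lint_policy(DENY_POLICY))
```

`NO_ALLOW` on the second policy means the listed user still needs an `Allow` from somewhere else, such as an identity policy attached to that user, before any read succeeds.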
