Mr Mirchi Posted June 2, 2020

I have to load files into an S3 bucket and give the S3 bucket details to another project's team, so that they can read the files from the S3 bucket to upload into their DB. Each file will be some 100 MB. ARN copied. What else do I need to give them? I'll Google it if I don't get the answer here.

sri_india Posted June 2, 2020

> Just now, Mr Mirchi said:
> I have to load files into an S3 bucket and give the S3 bucket details to another project's team, so that they can read the files from the S3 bucket to upload into their DB. Each file will be some 100 MB. ARN copied. What else do I need to give them? I'll Google it if I don't get the answer here.

First check whether the bucket has any holes, bro ....

dasari4kntr Posted June 2, 2020

> 5 minutes ago, Mr Mirchi said:
> I have to load files into an S3 bucket and give the S3 bucket details to another project's team, so that they can read the files from the S3 bucket to upload into their DB. Each file will be some 100 MB. ARN copied. What else do I need to give them? I'll Google it if I don't get the answer here.

Question... Are you guys using AWS Organizations?

kevinUsa Posted June 2, 2020

> 25 minutes ago, Mr Mirchi said:
> I have to load files into an S3 bucket and give the S3 bucket details to another project's team, so that they can read the files from the S3 bucket to upload into their DB. Each file will be some 100 MB. ARN copied. What else do I need to give them? I'll Google it if I don't get the answer here.

Did you check the IAM roles and security groups for the bucket?

Mr Mirchi Posted June 2, 2020

> 10 minutes ago, kevinUsa said:
> Did you check the IAM roles and security groups for the bucket?

I'm only asking what details I need to give to the other team, that's all.

Spartan Posted June 2, 2020

> 1 minute ago, Mr Mirchi said:
> I'm only asking what details I need to give to the other team, that's all.

You need to give cross-account role access if that team uses a different account.

SOURCE BUCKET POLICY:

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "DelegateS3Access",
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::DESTINATION_BUCKET_ACCOUNT_NUMBER:root"
      },
      "Action": [
        "s3:ListBucket",
        "s3:GetObject"
      ],
      "Resource": [
        "arn:aws:s3:::SOURCE_BUCKET_NAME/*",
        "arn:aws:s3:::SOURCE_BUCKET_NAME"
      ]
    }
  ]
}
```

DESTINATION IAM USER/ROLE POLICY:

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:ListBucket",
        "s3:GetObject"
      ],
      "Resource": [
        "arn:aws:s3:::SOURCE_BUCKET_NAME",
        "arn:aws:s3:::SOURCE_BUCKET_NAME/*"
      ]
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:ListBucket",
        "s3:PutObject",
        "s3:PutObjectAcl"
      ],
      "Resource": [
        "arn:aws:s3:::DESTINATION_BUCKET_NAME",
        "arn:aws:s3:::DESTINATION_BUCKET_NAME/*"
      ]
    }
  ]
}
```

Mr Mirchi Posted June 2, 2020

> 13 minutes ago, Spartan said:
> You need to give cross-account role access if that team uses a different account.

They don't have any account. They are going to access it for the first time to read files. So basically I need to give them a new IAM user with read access and then the ARN of the bucket. The question is, do I need to give them the access keys as well?

Spartan Posted June 2, 2020

> Just now, Mr Mirchi said:
> They don't have any account. They are going to access it for the first time to read files. So basically I need to give them a new IAM user with read access and then the ARN of the bucket. The question is, do I need to give them the access keys as well?

How are they accessing the S3 bucket? What will they upload into the DB? The file names? If yes, create an IAM user and grant permissions to read objects. They can use the AWS CLI to get the names and load them into the DB.

dasari4kntr Posted June 2, 2020

> 3 minutes ago, Mr Mirchi said:
> They don't have any account. They are going to access it for the first time to read files. So basically I need to give them a new IAM user with read access and then the ARN of the bucket. The question is, do I need to give them the access keys as well?

If it is a new department/project, go with "AWS Organizations" first, before creating an IAM user.

ARYA Posted June 2, 2020

> 1 hour ago, Mr Mirchi said:
> I have to load files into an S3 bucket and give the S3 bucket details to another project's team, so that they can read the files from the S3 bucket to upload into their DB. Each file will be some 100 MB. ARN copied. What else do I need to give them? I'll Google it if I don't get the answer here.

IAM role

fasak_vachadu Posted June 2, 2020

Give them a static URL and be done with it, make it public.

kevinUsa Posted June 3, 2020

> 2 hours ago, Spartan said:
> How are they accessing the S3 bucket? What will they upload into the DB? The file names? If yes, create an IAM user and grant permissions to read objects. They can use the AWS CLI to get the names and load them into the DB.

I said the same thing and he told me off.

Mr Mirchi Posted June 3, 2020

> 3 hours ago, Spartan said:
> How are they accessing the S3 bucket? What will they upload into the DB? The file names? If yes, create an IAM user and grant permissions to read objects. They can use the AWS CLI to get the names and load them into the DB.

Not the file names. They will read the files and store them in their DB in binary format. Some 1900 files. It's a one-time task.

jai thuss Posted June 3, 2020

> 3 hours ago, Mr Mirchi said:
> They don't have any account. They are going to access it for the first time to read files. So basically I need to give them a new IAM user with read access and then the ARN of the bucket. The question is, do I need to give them the access keys as well?

Make sure you have your bucket policy updated with read-only access for that user you've created.

```json
{
  "Id": "bucketPolicy",
  "Statement": [
    {
      "Action": "s3:*",
      "Effect": "Deny",
      "NotPrincipal": {
        "AWS": [
          "arn:aws:iam::1234567890:user/alloweduser"
        ]
      },
      "Resource": [
        "arn:aws:s3:::examplebucket",
        "arn:aws:s3:::examplebucket/*"
      ]
    }
  ],
  "Version": "2012-10-17"
}
```

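An added example, not part of any post in this thread: a small Python check that flags bucket-policy Allow statements granting more than read-only access to one bucket, run over three constructed policies (a single named IAM user, the account-root principal form posted above, and a public principal). The account ID, user name, bucket name and function names are assumptions made for illustration.

```python
# Added example: audit bucket-policy Allow statements for anything wider than
# read-only access to one bucket. Account ID, user and bucket names are constructed.
READ_ACTIONS = {"s3:GetObject", "s3:ListBucket"}  # the read actions used in the thread
BUCKET = "example-source-bucket"  # constructed bucket name

def as_list(value):
    return value if isinstance(value, list) else [value]

def audit_bucket_policy(policy, bucket):
    """Return (sid, finding) pairs for Allow statements wider than read-only."""
    allowed_resources = {f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"}
    findings = []
    for index, stmt in enumerate(as_list(policy["Statement"])):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only narrow access; not audited here
        sid = stmt.get("Sid", f"statement[{index}]")
        principal = stmt.get("Principal", {})
        arns = ["*"] if principal == "*" else as_list(principal.get("AWS", []))
        for arn in arns:
            if arn == "*":
                findings.append((sid, "public: any principal"))
            elif arn.endswith(":root"):
                findings.append((sid, "whole account delegated"))
        for action in as_list(stmt.get("Action", [])):
            if action not in READ_ACTIONS:  # also catches wildcards like s3:*
                findings.append((sid, f"non-read action: {action}"))
        for resource in as_list(stmt.get("Resource", [])):
            if resource not in allowed_resources:
                findings.append((sid, f"outside bucket: {resource}"))
    return findings

def read_policy(principal, sid):
    """Build a read-only bucket policy for the constructed bucket."""
    return {"Version": "2012-10-17", "Statement": [{
        "Sid": sid, "Effect": "Allow", "Principal": principal,
        "Action": ["s3:ListBucket", "s3:GetObject"],
        "Resource": [f"arn:aws:s3:::{BUCKET}", f"arn:aws:s3:::{BUCKET}/*"]}]}

# Constructed inputs: one named user, the account-root form from the thread,
# and the "make it public" variant.
SINGLE_USER = read_policy({"AWS": "arn:aws:iam::111122223333:user/reader"}, "OneUser")
ACCOUNT_ROOT = read_policy({"AWS": "arn:aws:iam::111122223333:root"}, "DelegateS3Access")
PUBLIC = read_policy("*", "PublicRead")

if __name__ == "__main__":
    for policy in (SINGLE_USER, ACCOUNT_ROOT, PUBLIC):
        print(audit_bucket_policy(policy, BUCKET))
```

A "whole account delegated" finding means the bucket policy trusts the named account as a whole, so any principal in that account whose own IAM policy allows the action can read the bucket.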