aws-sts

问题 I have a bucket in Amazon S3 and I set data inside read only for everyone. However, this is not what I want. I would like that data to be accessible only from my mobile application and restrict it to download by url. Is that possible? if so how to implement such bucket policy? 回答1: Traditionally, access to a mobile app is done this way: The mobile app user authenticates to your back-end (through your mobile app). This could be done with Amazon Cognito or with your own database of username

问题 I'm trying to files from a vendors S3 bucket to my S3 bucket using boto3. I'm using the sts service to assume a role to access the vendor s3 bucket. I'm able to connect to the vendor bucket and get a listing of the bucket. I run into CopyObject operation: Access Denied error when copying to my bucket. Here is my script session = boto3.session.Session(profile_name="s3_transfer") sts_client = session.client("sts", verify=False) assumed_role_object = sts_client.assume_role( RoleArn="arn:aws:iam:

问题 I'm trying to files from a vendors S3 bucket to my S3 bucket using boto3. I'm using the sts service to assume a role to access the vendor s3 bucket. I'm able to connect to the vendor bucket and get a listing of the bucket. I run into CopyObject operation: Access Denied error when copying to my bucket. Here is my script session = boto3.session.Session(profile_name="s3_transfer") sts_client = session.client("sts", verify=False) assumed_role_object = sts_client.assume_role( RoleArn="arn:aws:iam:

问题 I created a new policy to enforce IAM user to setup MFA using the policy in this link https://docs.aws.amazon.com/en_pv/IAM/latest/UserGuide/reference_policies_examples_aws_my-sec-creds-self-manage.html Now the IAM user has AdministratorAccess already..so now with applying this force MFA policy now the user has 2 policies attached. The AWS managed policy AdministratorAccess and the new Managed policy i created Force_MFA now when i try to run ansible iwth module https://docs.ansible.com

问题 I am going through this AWS doc about temporary credentials, and I have come across this, about the duration of them: The GetSessionToken action must be called by using the long-term AWS security credentials of the AWS account or an IAM user. Credentials that are created by IAM users are valid for the duration that you specify, from 900 seconds (15 minutes) up to a maximum of 129600 seconds (36 hours), with a default of 43200 seconds (12 hours); credentials that are created by using account

问题 When using plain auth credentials I can do: ContextBuilder.newBuilder("aws-s3").credentials(keyId, key).buildView(BlobStoreContext.class); ... to access BlobStoreContext for S3. In native Amazon java api I can use Security Token Service (STS) to assume role and use temporary credentials to access S3 or any other AWS service. How do I do this in jclouds? 回答1: I figured it out. This code snippet allows to assume role and use temp credentials to access S3: STSApi api = ContextBuilder.newBuilder(