Self-Managed Mode and IAM policies

It appears to me that the page on Self-Managed mode might have been written before IAM was implemented by Amazon. If this is the case, it would be beneficial to look into what IAM can do in terms of detailed policies and access control, and provide users with a template IAM policy script that they can assign to a new user/group for S3Stat access.

If it was done right, S3Stat would have all the access it needs and none of the access it doesn't need, all the while still remaining relatively easy to use.

rjk

Tuesday, October 2, 2012




I've been meaning to write some documentation around how to set up your S3stat account using IAM. You're right that it's a better way to go than simply handing us your AWS credentials.

Here's a policy that you can use to generate a set of keys that will work with a standard S3stat account:

http://www.s3stat.com/Downloads/iam.txt

That will give us the minimum priviledges we need to do our thing. Extra credit for enumerating just the buckets and distributions that you'll actually be using for reporting.

As with Self-Managed mode, there's still a lot that can go wrong (which is why it's taken so long to put together a good walkthrough), but it's certainly possible to get yourself up and running with IAM this way.

Good luck, and let me know if you see anything we can tweak on that policy.

Jason Kester

Wednesday, October 3, 2012

[ reply to this topic ]   [ return to topic list ]

© 2024 Expat Software Back to Top