Amazon S3 permissions

Trying to understand S3... How do you limit access to a file you upload to S3? For example, from a web application, each user has files they can upload, but how do you limit access so only that user has access to that file? It seems like the query string authentication requires an expiration date and that won't work for me. Is there another way to do this?


Asked by: Wilson542 | Posted: 06-12-2021






Answer 1

There are various ways to control access to the S3 objects:

  1. Use the query string auth - but as you noted this does require an expiration date. You could make it far in the future, which has been good enough for most things I have done.

  2. Use the S3 ACLs - but this requires the user to have an AWS account and authenticate with AWS to access the S3 object. This is probably not what you are looking for.

  3. You proxy the access to the S3 object through your application, which implements your access control logic. This will bring all the bandwidth through your box.

  4. You can set up an EC2 instance with your proxy logic - this keeps the bandwidth closer to S3 and can reduce latency in certain situations. The difference between this and #3 could be minimal, but depends on your particular situation.

Answered by: Catherine245 | Posted: 07-01-2022



Answer 2

  1. Have the user hit your server
  2. Have the server set up a query-string authentication with a short expiration (minutes, hours?)
  3. Have your server redirect to #2

Answered by: Kellan967 | Posted: 07-01-2022



Answer 3

You will have to build the whole access logic to S3 in your applications.

Answered by: Ned824 | Posted: 07-01-2022



Answer 4

I've been dealing with this, too. Don, who wrote the S3 PHP class I'm using, pointed out you can use dirs inside buckets. So you can put your file in a dir with a random string and then redirect to that:

mybucket.amazon.net/wef49kfe4j409jf4f4f9jdfd/myfile.zip

While not at all secure, you can control access to it by changing permissions or creating and deleting it (keep the original securely in a different bucket) as necessary.

Answered by: Lucas685 | Posted: 07-01-2022


