Amazon S3 User Identity Explained
Amazon S3 was designed with developers as its audience. Developers create applications around the Amazon S3 and those applications are used by the end user.
Seeing the amazing growth from Amazon S3, we are also seeing more and more people from real estates, dental office and many other small and medium sized businesses started to use Amazon S3 directly since the aws.amazon.com web-front provides many basic functionalities.
Gladinet supports Amazon S3 from day one with functionalities like map a network drive to Amazon S3; backup to Amazon S3; leverage Amazon S3 as a PC-2-PC sync bridge and conduit. As long as you have your master Amazon S3 account credentials, you can use Gladinet software with Amazon S3.
Now, Amazon introduced IAM (identity and account management) in its aws.amazon.com web interface. This introduced new user identities in one single master account. So now, not only it is possible to have a set of master account credentials, normal S3 admins can also create sub-users for his/her team. It is very good in that it can support a group of users with one single Amazon S3 account and one single billing. However, it also introduced complexity because the sub-accounts have different permissions from the master-account.
Once you are in the account page, click on the Security Credentials link.
Now under the Access Keys section, it is your master account credentials. This set of credentials by default will have all the access to the Amazon S3 account.
You can use this set of account credentials with any of the Gladinet software during the mounting process and it will work by default.
The users created in the IAM web interface will not be able to mount Amazon S3 buckets inside Gladinet software. No worry, there is a S3 Resource Manager that you can assign IAM users to buckets. So user Joe can have access to bucket acme_joe, user Alice can have access to bucket acme_alice. Check out this article about setting it up with the S3 Resource Manager.
Download S3 Manager and Gladinet Cloud Desktop
Amazon S3 as a Network Drive
Cloud Access Solutions for OpenStack
Seeing the amazing growth from Amazon S3, we are also seeing more and more people from real estates, dental office and many other small and medium sized businesses started to use Amazon S3 directly since the aws.amazon.com web-front provides many basic functionalities.
Gladinet supports Amazon S3 from day one with functionalities like map a network drive to Amazon S3; backup to Amazon S3; leverage Amazon S3 as a PC-2-PC sync bridge and conduit. As long as you have your master Amazon S3 account credentials, you can use Gladinet software with Amazon S3.
Now, Amazon introduced IAM (identity and account management) in its aws.amazon.com web interface. This introduced new user identities in one single master account. So now, not only it is possible to have a set of master account credentials, normal S3 admins can also create sub-users for his/her team. It is very good in that it can support a group of users with one single Amazon S3 account and one single billing. However, it also introduced complexity because the sub-accounts have different permissions from the master-account.
All Powerful Master Account Identity
By default, the Amazon S3 master account has all the permissions as the default owner of the account. You can retrieve the master account credentials from the aws.amazon.com site by clicking the Account linkOnce you are in the account page, click on the Security Credentials link.
Now under the Access Keys section, it is your master account credentials. This set of credentials by default will have all the access to the Amazon S3 account.
You can use this set of account credentials with any of the Gladinet software during the mounting process and it will work by default.
Locked Down IAM User Identity
Compared to the all powerful master account, the sub-user you created inside IAM is by default locked down, meaning it doesn’t have any access to Amazon S3 objects when created.The users created in the IAM web interface will not be able to mount Amazon S3 buckets inside Gladinet software. No worry, there is a S3 Resource Manager that you can assign IAM users to buckets. So user Joe can have access to bucket acme_joe, user Alice can have access to bucket acme_alice. Check out this article about setting it up with the S3 Resource Manager.
Summary
The concept is similar to Windows users, the administrators by default can access all the files in the C Drive. The users by default have much less permissions and privileges. Once you got the concept that the Amazon S3 master identity has all the access and the IAM user has none of the access upon creation, the rest is simple.Related Posts
Amazon S3 as a Team Network DriveDownload S3 Manager and Gladinet Cloud Desktop
Amazon S3 as a Network Drive
Cloud Access Solutions for OpenStack
Comments