Home » Questions » Computers [ Ask a new question ]

Limited access to Amazon S3 buckets

Limited access to Amazon S3 buckets

Is it possible to somehow limit the access to an Amazon S3 account. I don't really like the idea of distributing my secret access key to all of my applications, that want to access just a single bucket on my account. If someone gains access to one of the applications, I could loose all my data stored on S3.

Asked by: Guest | Views: 27
Total answers/comments: 1
Guest [Entry]

"I think this will answer your question:

Scroll down and start reading at Michael Fisher's answer.

DO NOT hardcode your key on the
client. The right way to do this is
(via a secure channel) to deliver a
pre-built request with an encrypted
signature -- this signature can be
built with the API provided by S3.

You can extract the composition of the
encrypted signature reqest from one of
the request objects in the S3.cs class
(I am referring to the C#
implementation - not sure which you
are using but they should be pretty
analagous). Then have your client
securely request the object from your
server side, and rather than spit back
the object, spit back the formated
request. I believe this is the most
secure technique, assuming again that
you've properly secured the channel
(SSL, or whatever scheme you choose)."