Author Topic: Amazon S3 security for Photo Mechanic 5  (Read 5318 times)

Offline markmacumber

  • Newcomer
  • *
  • Posts: 3
    • View Profile
Amazon S3 security for Photo Mechanic 5
« on: June 28, 2015, 05:49:18 PM »
Hi Camera Bits,

We are using your software to upload high-res photography into Amazon S3, I am the technical lead for the project and I want to make sure that we can lock down the S3 bucket using AWS IAM security.

I have noticed (through your other forums) that you MUST use the US-Standard region when creating a bucket for upload, but what credentials can I grant/deny to ensure that ONLY photo mechanic users (and authorised others) can access the S3 bucket?

At the moment, I have enabled "Everyone" read/write access which is not safe or secure at all...

Cheers,
Mark

Offline Kirk Baker

  • Senior Software Engineer
  • Camera Bits Staff
  • Superhero Member
  • *****
  • Posts: 24730
    • View Profile
    • Camera Bits, Inc.
Re: Amazon S3 security for Photo Mechanic 5
« Reply #1 on: June 29, 2015, 09:12:58 AM »
Mark,

We are using your software to upload high-res photography into Amazon S3, I am the technical lead for the project and I want to make sure that we can lock down the S3 bucket using AWS IAM security.

I have noticed (through your other forums) that you MUST use the US-Standard region when creating a bucket for upload, but what credentials can I grant/deny to ensure that ONLY photo mechanic users (and authorised others) can access the S3 bucket?

At the moment, I have enabled "Everyone" read/write access which is not safe or secure at all...

I don't know the specific permissions you should set, but I suggest choosing the tightest permissions that allow PM to upload and your authorized users to access your files.  Have you tried changing them and found that PM cannot upload unless "Everyone" is allowed access?

-Kirk

Offline markmacumber

  • Newcomer
  • *
  • Posts: 3
    • View Profile
Re: Amazon S3 security for Photo Mechanic 5
« Reply #2 on: June 29, 2015, 03:16:41 PM »
Yes that is what I have found so far, since I dont know what profile or user PM uses to upload, its hard to know what permissions to set.

Can you help me with identifying this?

tstepp

  • Guest
Re: Amazon S3 security for Photo Mechanic 5
« Reply #3 on: June 29, 2015, 05:55:18 PM »
Hey Mark,

You can manage access permissions for specific Amazon S3 buckets via the AWS Console. Instructions around configuring access for IAM users/groups can be found here: https://docs.aws.amazon.com/AmazonS3/latest/dev/example-walkthroughs-managing-access-example1.html

Let me know if you run into any issues during your configurations.


Offline markmacumber

  • Newcomer
  • *
  • Posts: 3
    • View Profile
Re: Amazon S3 security for Photo Mechanic 5
« Reply #4 on: June 29, 2015, 06:02:52 PM »
Hey Mark,

You can manage access permissions for specific Amazon S3 buckets via the AWS Console. Instructions around configuring access for IAM users/groups can be found here: https://docs.aws.amazon.com/AmazonS3/latest/dev/example-walkthroughs-managing-access-example1.html

Let me know if you run into any issues during your configurations.

Hi Tim,

Thanks, I am across how to lock it down from that perspective, what I meant to ask was, when you setup the connection to S3 in PM (using the Access Key and Secret) at that level, we need to lock down the IAM roles for the bucket, so do we simply just use the AWS console to create a new IAM user, then restrict permissions to only access the S3 bucket?


Offline nick.lagalle

  • Newcomer
  • *
  • Posts: 20
    • View Profile
Re: Amazon S3 security for Photo Mechanic 5
« Reply #5 on: July 04, 2015, 09:53:59 PM »

Hey Mark,

You can manage access permissions for specific Amazon S3 buckets via the AWS Console. Instructions around configuring access for IAM users/groups can be found here: https://docs.aws.amazon.com/AmazonS3/latest/dev/example-walkthroughs-managing-access-example1.html

Let me know if you run into any issues during your configurations.

Hi Tim,

Thanks, I am across how to lock it down from that perspective, what I meant to ask was, when you setup the connection to S3 in PM (using the Access Key and Secret) at that level, we need to lock down the IAM roles for the bucket, so do we simply just use the AWS console to create a new IAM user, then restrict permissions to only access the S3 bucket?

Yes just handle it from AWS. PM just has the option for the access key/secret to be entered. The rest is done within the AWS console with permissions


Sent from my iPhone using Tapatalk