Wednesday, November 19, 2014

How to restrict Amazon S3 bucket access permissions for a user

Amazon Simple Storage Service, or S3, is one of the most commonly used cloud storage technologies. In Amazon S3 we create buckets as storage locations. Inside each bucket we can create directories or folders and store objects (files, videos, etc.). In a normal AWS account we can create at most 100 buckets. We can also set permissions for each bucket: we can create IAM users and restrict bucket access per user, so that some users have access to all the buckets, some have access to only a few buckets, and some have only read, only write, or both permissions on buckets.

In this example we will see how to set permissions for a particular user "randeep" for buckets bucket1 and bucket2. The user will not have any access to any other buckets.

This is done by adding a custom policy in the AWS IAM console.

Log in to the IAM console and go to Users -> randeep.

Under user policies, click on Attach User Policy. Select custom policy and proceed to next.

You will be prompted to give a Policy Name and a Policy Document. You can give any name, such as "s3accessrandeep". In the Policy Document, enter the policy below.

    {
      "Statement": [
        {
          "Effect": "Allow",
          "Action": ["s3:GetBucketLocation", "s3:ListAllMyBuckets"],
          "Resource": "arn:aws:s3:::*"
        },
        {
          "Effect": "Allow",
          "Action": ["s3:ListBucket"],
          "Resource": ["arn:aws:s3:::bucket1", "arn:aws:s3:::bucket2"]
        },
        {
          "Effect": "Allow",
          "Action": ["s3:PutObject", "s3:GetObject", "s3:DeleteObject"],
          "Resource": ["arn:aws:s3:::bucket1/*", "arn:aws:s3:::bucket2/*"]
        }
      ]
    }

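With the above policy, user randeep will have put (upload), get (download), and delete permissions on the buckets bucket1 and bucket2. Note that the first statement also lets the user see the names of all buckets in the account and read their locations, but not list or read their contents.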

You can also test the policy using the Simulate Policy tool.

In the Policy Simulator, select the service as S3.

Under Select actions, select GetObject, PutObject, DeleteObject, CreateBucket, and DeleteBucket.

In the simulation settings, in the resource name format, specify arn:aws:s3:::bucket1/* and run the simulation.
With the policy we created, we get access allowed for GetObject, PutObject, and DeleteObject, and denied for CreateBucket and DeleteBucket. Repeat the simulation with the second bucket's ARN as well. Please comment if you have any difficulties regarding this.
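
The simulator run described above can also be approximated offline. The following is an added example, not part of the original post: a simplified Python model of policy evaluation (Action and Resource matching only, explicit Deny wins, no conditions or other policy types) applied to the policy document above. The function names, the object key report.txt and the bucket name bucket3 are made up for illustration.

```python
import json
from fnmatch import fnmatchcase

# The policy document from this post, embedded so the example runs offline.
POLICY = json.loads("""
{"Statement": [
  {"Effect": "Allow",
   "Action": ["s3:GetBucketLocation", "s3:ListAllMyBuckets"],
   "Resource": "arn:aws:s3:::*"},
  {"Effect": "Allow",
   "Action": ["s3:ListBucket"],
   "Resource": ["arn:aws:s3:::bucket1", "arn:aws:s3:::bucket2"]},
  {"Effect": "Allow",
   "Action": ["s3:PutObject", "s3:GetObject", "s3:DeleteObject"],
   "Resource": ["arn:aws:s3:::bucket1/*", "arn:aws:s3:::bucket2/*"]}
]}
""")

# Actions picked in the simulator walkthrough above.
ACTIONS = ["s3:GetObject", "s3:PutObject", "s3:DeleteObject",
           "s3:CreateBucket", "s3:DeleteBucket"]

def _as_list(value):
    """Action and Resource may each be a single string or a list."""
    return value if isinstance(value, list) else [value]

def is_allowed(policy, action, resource):
    """Simplified model: allowed only if an Allow statement matches both the
    action and the resource and no Deny statement does (implicit deny otherwise).
    fnmatchcase stands in for IAM's * and ? wildcards; the ARNs here contain
    no '[' characters, which fnmatch would treat specially."""
    allowed = False
    for stmt in policy["Statement"]:
        # IAM action names are case-insensitive; resource ARNs are not.
        action_hit = any(fnmatchcase(action.lower(), a.lower())
                         for a in _as_list(stmt["Action"]))
        resource_hit = any(fnmatchcase(resource, r)
                           for r in _as_list(stmt["Resource"]))
        if action_hit and resource_hit:
            if stmt["Effect"] == "Deny":
                return False  # an explicit Deny always wins
            allowed = True
    return allowed

def simulate(policy, actions, resource):
    """Return {action: 'allowed' | 'denied'} for one resource ARN."""
    return {a: "allowed" if is_allowed(policy, a, resource) else "denied"
            for a in actions}

if __name__ == "__main__":
    for bucket in ("bucket1", "bucket2", "bucket3"):  # bucket3 is not in the policy
        arn = "arn:aws:s3:::%s/report.txt" % bucket
        print(arn, simulate(POLICY, ACTIONS, arn))
```

The bucket3 row comes back denied for every object action, while GetBucketLocation is still allowed on any bucket ARN because of the first statement's wildcard resource.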

Sunday, October 12, 2014

Creating a PPK key from PEM

People who use Amazon Web Services and EC2, or who use SSH keys to log in to Linux or UNIX systems with PuTTY, will have to convert .pem keys to .ppk (PuTTY private key) format. To create pem from ppk check here.

Here is how we do it on the Windows platform:
We need to use a program called PuTTYgen. Download it from here.

PuTTY Download Page

Double-click the downloaded puttygen. It is a binary executable, so we don't need to install it.

Friday, March 14, 2014

Installing CentOS Linux on HP ProLiant ML10

This article explains how to install CentOS Linux on an HP ProLiant ML10, including installing the Linux drivers for the Smart Array B110i SATA with RAID 1. We will be installing CentOS 5.7 in this example. As the driver for the storage controller is not included in CentOS by default, we need to create a USB key with the required drivers and specify its path when the installation starts. It's not that complicated.