Bucket Policies
EODC CephAdapter
Configure s3 CEPH
import os
from eodc.workspace import CephAdapter
url = "https://objectstore.eodc.eu:2222"
ACCESS_KEY = os.getenv("ACCESS_KEY")
SECRET_KEY = os.getenv("SECRET_KEY")
BUCKET = "test-ceph-adapter"
s3 = CephAdapter(url, ACCESS_KEY, SECRET_KEY)
Retrieve bucket policy Ceph
s3.describe_workspace_policy(workspace_name=BUCKET)
Set Policy Ceph
s3.set_workspace_public_readonly_access(workspace_name=BUCKET, object_names=['*'])
S3cmd
Configure s3cmd
For configuring s3cmd follow these instructions
Retrieve bucket policy
s3cmd info s3://BUCKET
Set Policy
When you set a policy on an S3 bucket, you grant permissions to specific AWS users. The following sections cover the most suitable access policy permissions for READ and WRITE access.
Grant permissions to an AWS account
To grant permissions to an AWS account, identify the account using the following format.
"Principal":{"AWS":"arn:aws:iam::AccountIDWithoutHyphens:root"}
Grant permissions to an IAM user
To grant permission to an IAM user within your account, you must provide an "AWS":"user-ARN" name-value pair.
"Principal":{"AWS":"arn:aws:iam::account-number-without-hyphens:user/username"}
Grant permissions to an anonymous user
"Principal":"*"
Read-Access
"Action": [
"s3:ListBucket",
"s3:GetObject"
],
Write-Access
"Action": [
"s3:ListBucket",
"s3:GetObject",
"s3:PutObject"
],
Delete Policy
s3cmd delpolicy s3://BUCKET
Example S3cmd
The following example sets a bucket policy that grants an anonymous user READ access.
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "PublicBucket",
      "Effect": "Allow",
      "Principal": "*",
      "Action": [
        "s3:ListBucket",
        "s3:GetObject"
      ],
      "Resource": [
        "arn:aws:s3:::BUCKET-NAME",
        "arn:aws:s3:::BUCKET-NAME/*"
      ]
    }
  ]
}
s3cmd setpolicy acl.json s3://BUCKET
s3cmd info s3://BUCKET
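Before applying a policy file with s3cmd setpolicy, it helps to check what it actually exposes. The following is an added example, not part of the original page or of the EODC library: a small audit that flags statements granting anonymous read or write access and statements whose object-level actions have no object resource. The function names and finding labels are hypothetical, the sample policy is constructed, and the resource check assumes AWS S3 policy semantics (s3:GetObject and s3:PutObject match object ARNs such as BUCKET-NAME/*).

```python
import json

# Actions taken from the Read-Access and Write-Access lists above.
READ_ACTIONS = {"s3:ListBucket", "s3:GetObject"}
WRITE_ACTIONS = {"s3:PutObject"}
OBJECT_ACTIONS = {"s3:GetObject", "s3:PutObject"}  # evaluated against object ARNs

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _is_anonymous(principal):
    """True for "Principal": "*" and for {"AWS": "*"} or {"AWS": ["*"]}."""
    if isinstance(principal, dict):
        principal = principal.get("AWS", [])
    return "*" in _as_list(principal)

def _covers_objects(resource):
    """True if the ARN names objects (bucket/key, bucket/*) or is a bare "*"."""
    return resource == "*" or "/" in resource.split(":::", 1)[-1]

def audit_policy(policy_json):
    """Return (sid, finding) tuples for every Allow statement worth a second look."""
    findings = []
    for stmt in _as_list(json.loads(policy_json).get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", "<no Sid>")
        actions = set(_as_list(stmt.get("Action", [])))
        resources = _as_list(stmt.get("Resource", []))
        if _is_anonymous(stmt.get("Principal")):
            if actions & WRITE_ACTIONS or actions & {"s3:*", "*"}:
                findings.append((sid, "anonymous-write"))
            elif actions & READ_ACTIONS:
                findings.append((sid, "anonymous-read"))
        # An object action with only a bucket ARN grants no object access.
        if actions & OBJECT_ACTIONS and not any(map(_covers_objects, resources)):
            findings.append((sid, "object-action-without-object-resource"))
    return findings

# Constructed sample: a public read statement plus an unintended public write.
SAMPLE = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "PublicBucket", "Effect": "Allow", "Principal": "*",
         "Action": ["s3:ListBucket", "s3:GetObject"],
         "Resource": ["arn:aws:s3:::BUCKET-NAME"]},
        {"Sid": "Uploads", "Effect": "Allow", "Principal": {"AWS": ["*"]},
         "Action": "s3:PutObject", "Resource": "arn:aws:s3:::BUCKET-NAME/*"},
    ],
})
```

Pass the contents of the policy file to audit_policy and review every finding before running s3cmd setpolicy; an empty list means none of these three conditions matched.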