We have an Amazon S3 account and a number of important documents are saved there in the bucket. Is there a way we can secure those resources so that they are not deleted from the S3 account by any team member other than the primary account holder? Also, how can we back up all the S3 resources in Google Drive? Thanks in advance.
3 Answers
The highest level of securing objects from being deleted is by using
- MFA delete, which can only be enabled by the root user.
The MFA delete also will not allow for disabling versioning in your bucket.
Regarding Google Drive, I'm not aware of any built-in AWS tool for that. I think you would have to look at some third-party tools, or develop your own.

Confidential documents
Some organizations keep confidential documents in a separate AWS Account, so that normal users do not have access to the documents.
Cross-account read permissions can be granted to appropriate users (e.g. for confidential HR documents).
Critical documents
If you just wish to "backup" to avoid accidental deletion, one option is to use Amazon S3 Same Region Replication to copy documents to another bucket. The destination bucket can be in a different account, so normal users do not have the ability to delete the copies.
In both cases, credentials to the secondary accounts would only be given sparingly, and they can also be protected by using Multi-Factor Authentication.

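A read-only check of the two setups the answers describe, as an added example that is not part of either answer: it inspects dictionaries shaped like the S3 GetBucketVersioning and GetBucketReplication responses and reports what is missing. The function names, account IDs, bucket names and role ARN are assumptions made up for the illustration.

```python
# Added example (not from the answers). Dict shapes follow the S3
# GetBucketVersioning / GetBucketReplication responses; every account ID,
# bucket name and role ARN below is constructed.

def audit_versioning(versioning):
    """Findings for the MFA delete setup described in the first answer."""
    findings = []
    if versioning.get("Status") != "Enabled":
        findings.append("versioning is not enabled")
    if versioning.get("MFADelete") != "Enabled":
        findings.append("MFA delete is not enabled")
    return findings

def audit_replication(source_account, replication):
    """Findings for the copy-to-another-account setup in the second answer."""
    findings = []
    rules = replication.get("ReplicationConfiguration", {}).get("Rules", [])
    rules = [r for r in rules if r.get("Status") == "Enabled"]
    if not rules:
        findings.append("no enabled replication rule")
    for rule in rules:
        rid, dest = rule.get("ID", "<no id>"), rule.get("Destination", {})
        if dest.get("Account") in (None, source_account):
            findings.append(f"rule {rid}: destination is not declared as another account")
        elif dest.get("AccessControlTranslation", {}).get("Owner") != "Destination":
            findings.append(f"rule {rid}: replica ownership is not overridden to the destination")
        # Anything other than an explicit "Disabled" is treated as replicating markers.
        if rule.get("DeleteMarkerReplication", {}).get("Status") != "Disabled":
            findings.append(f"rule {rid}: delete markers propagate to the copy")
    return findings

SOURCE_ACCOUNT = "111111111111"
WEAK_VERSIONING = {"Status": "Enabled"}  # MFADelete was never configured
HARDENED_VERSIONING = {"Status": "Enabled", "MFADelete": "Enabled"}
REPLICATION = {"ReplicationConfiguration": {
    "Role": "arn:aws:iam::111111111111:role/example-replication-role",
    "Rules": [
        {"ID": "same-account-copy", "Status": "Enabled", "Priority": 1, "Filter": {},
         "DeleteMarkerReplication": {"Status": "Enabled"},
         "Destination": {"Bucket": "arn:aws:s3:::example-copy"}},
        {"ID": "cross-account-copy", "Status": "Enabled", "Priority": 2, "Filter": {},
         "DeleteMarkerReplication": {"Status": "Disabled"},
         "Destination": {"Bucket": "arn:aws:s3:::example-backup", "Account": "222222222222",
                         "AccessControlTranslation": {"Owner": "Destination"}}},
    ]}}

if __name__ == "__main__":
    for f in audit_versioning(WEAK_VERSIONING) + audit_replication(SOURCE_ACCOUNT, REPLICATION):
        print("FINDING:", f)
```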