I'm trying to give more than 5000 external accounts access to my S3 bucket access point.

How can I achieve it?

  • using access points to give permissions to a specific folder in the S3 bucket
  • adding all accounts to the policy principal will increase the policy size to more than 20 KB

adding all accounts to access point policy

manny
  • Tasks like this require FAR more detail. Firstly: why? Access to the whole bucket or just parts of it? Are the accounts grouped, e.g. all in the same organisation? Can this number increase? Is the number of buckets dynamic? What do the access points have to do with that? Have you talked to AWS about this? – luk2302 Mar 24 '23 at 13:13
  • - I have a website with all the details of my project and data; all the users who sign up on my website and are authorized by me need to access my S3 bucket and see all the data. - I'm going public with my data on the S3 bucket – manny Mar 24 '23 at 13:41
  • - All users are outside my organisation – manny Mar 24 '23 at 13:42
  • Do they need access *somehow* or do you actually need to whitelist their account? Alternatively you could create different users in your account, grant those users access to the bucket and in turn provide the partners with credentials for those users. Or create a role which they can sign into via e.g. a custom IDP or Cognito, etc. Or have a CloudFront in front of your bucket and send each partner a random token and your CloudFront can verify if that token is valid (e.g. compare it against the tokens stored in a DynamoDB) and only present the S3 data if valid, etc. – luk2302 Mar 24 '23 at 13:58
  • - I need this completely automated, I can't create roles in my account and share (limitations), - the only way I can share data is through access points. – manny Mar 24 '23 at 14:23
  • You did not answer my questions. E.g. a CloudFront + Token or custom IDP + role would both work and can be automated. Are you already set on access points and if so why, how many, how are they structured, what is the permissions model supposed to look like, ...? I suggest talking to AWS support or some other professional in a more direct manner than asking on SO. This is too broad / lacking too many details and a constant back and forth with questions is not suitable for SO / how SO works. – luk2302 Mar 24 '23 at 14:56
  • Please edit the question to limit it to a specific problem with enough detail to identify an adequate answer. – Community Mar 25 '23 at 05:50
