Is it possible to share a bucket between some S3 users ?
I've a S3 account for the user "me@myself.com" who can manage the bucket "my_bucket". Can I share this bucket with the S3 users "you@yourself.com" and "youtoo@yourself.com" ? i.e. They log in their S3 account and see my bucket ?
If not, is there any way to do this ? With bucket policy ?
I'm confused... thank you for your answer.
Fro_oo
It is possible to share buckets between existing AWS users without using IAM.
Using the console (or the API), add permissions on the bucket for each AWS User. In the Grantee field add the users email address or canonical userid (to get this, log into your AWS account, go to Account - Security Credentials, scroll to the bottom and click the link to reveal ID)
The only issue I see, is that there doesn't seem to be any way to access these shared buckets in the AWS Console. But many of the 3rd party tools do provide this facility and you can access them using the API.
You can use s3cmd to do this.
- First determine the Canonical User ID of the user you want to share a bucket with.
- Both parties install s3cmd and set up credentials:
s3cmd --configure - The bucket owner does this:
s3cmd setacl --acl-grant=read:<canonical-user-id> s3://BUCKETNAME[/OBJECT] - The recipient can then see the bucket:
s3cmd ls s3://BUCKETNAME[/OBJECT]
Note: In addition to read, write, read_acp, write_acp, full_control and all are possible, where write_acp means the user can change the access control permissions.
Take a look at AWS Identity and Access Management (IAM).
来源:https://stackoverflow.com/questions/6412702/is-it-possible-to-share-a-amazon-s3-bucket-between-amazon-s3-users