Looking for tips on setting up and managing your Amazon S3 bucket in a multi-tenant Rails app

Each tenant will have their own photo gallery where photos are stored on Amazon S3. When I see that S3 is relatively new, I’m looking for tips and tricks for managing this in terms of buckets, IAM groups / users, security, usage reports, and possibly billing.

As I can see, I have two options.

Option 1: One main bucket. Each tenant has a subdirectory where their photos are stored. I will have one IAM group for the entire application and create a new IAM user for each tenant with access only to their subdirectory. In the future, if I want to know how much S3 space the tenant uses, will it be easy to report? Do I have to have a unique access key and AWS secret key for each tenant, even if they go in the same bucket?

Option 2: Each tenant gets his own bucket. Each tenant would receive their own IAM user with access only to their bucket. Is this option better for reporting usage?

General issues:

  • Are there any significant flaws for any option?
  • Is there any other option that I don't know about?
  • Can I report storage through IAM user activity or will this happen at the bucket level?
1 answer

I think you are trying to turn your S3 account into a multi-user thing, but it is not.

Each tenant gets his own bucket

You are limited to 100 buckets, so this is probably not what you want. (If this is not an exclusive web service :)

One main bucket

Ok

IAM user for each tenant

Um, I think there are restrictions for IAM users.

if I want to know how much S3 space is used by the tenant, will it be easy to communicate?

You can easily write a script.

billing

DevPay buckets, 100 . , AWS .

IAM ?

IAM "". " ". , "".

, ?

- EC2, :

  • - EC2. , .
  • , EC2 ( S3, , , ). URL POST/PUT , S3 ( , ).
  • , , URL-, . . , - EC2.

EC2- , URL- .


Source: https://habr.com/ru/post/1529482/
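
For Option 1 in the question (one shared bucket, one IAM user per tenant limited to that tenant's subdirectory) and the answer's remark that usage can be scripted, here is an added example; it is not code from the question or the answer. The bucket name, the `tenants/<id>/` key layout, the tenant-id slug rule and the sample listing are assumptions constructed for illustration.

```ruby
require "json"

# Assumption: tenant ids are lowercase slugs. Anything else is rejected so an id
# can never carry "/", "..", newlines or IAM wildcards ("*", "?") into the policy.
# \A and \z anchor the whole string; ^ and $ would only anchor a single line.
TENANT_ID = /\A[a-z0-9][a-z0-9-]{0,62}\z/

def tenant_prefix(tenant_id)
  raise ArgumentError, "invalid tenant id: #{tenant_id.inspect}" unless TENANT_ID.match?(tenant_id)
  "tenants/#{tenant_id}/"
end

# IAM policy document limiting a principal to one tenant's prefix in a shared bucket.
def tenant_policy(bucket, tenant_id)
  prefix = tenant_prefix(tenant_id)
  {
    "Version" => "2012-10-17",
    "Statement" => [
      { "Sid" => "ListOwnPrefix", "Effect" => "Allow",
        "Action" => "s3:ListBucket",
        "Resource" => "arn:aws:s3:::#{bucket}",
        "Condition" => { "StringLike" => { "s3:prefix" => ["#{prefix}*"] } } },
      { "Sid" => "ReadWriteOwnObjects", "Effect" => "Allow",
        "Action" => ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"],
        "Resource" => "arn:aws:s3:::#{bucket}/#{prefix}*" }
    ]
  }
end

# Sums object sizes per tenant from a bucket listing; keys outside any tenant
# prefix are counted as "(unscoped)" so stray objects show up in the report.
def usage_by_tenant(listing)
  listing.each_with_object(Hash.new(0)) do |obj, totals|
    m = %r{\Atenants/([^/]+)/}.match(obj[:key])
    totals[m ? m[1] : "(unscoped)"] += obj[:size]
  end
end

# Constructed sample listing (key and size in bytes, as a bucket listing reports them).
SAMPLE_LISTING = [
  { key: "tenants/acme/photos/1.jpg", size: 2_000 },
  { key: "tenants/acme/photos/2.jpg", size: 3_500 },
  { key: "tenants/globex/logo.png",   size: 700 },
  { key: "stray-upload.tmp",          size: 10 }
].freeze

if __FILE__ == $PROGRAM_NAME
  puts JSON.pretty_generate(tenant_policy("example-gallery-bucket", "acme"))
  p usage_by_tenant(SAMPLE_LISTING)
end
```

Storage is attributed by key prefix here, not by which IAM user wrote the object, so the report works the same whether tenants have their own credentials or not.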