Coder Social home page Coder Social logo

go2s3's Introduction

go2s3

This is a small test program to exercice a security model on AWS using instance role and assume role switching.

Test buckets and permission are created by terraform (See terraform folder)

cd .../go2s3/terraform
terraform init
....
terraform apply
....

Of course, you must have valid AWS administrator credential to issue these commands

Then:

./setup/install.sh

Will create an appropriate python virtualenv.

. ./setup/activate.sh

Will activate it.

Then, you can exercise the small python code. The first parameter is a switch to an authentication method:

  • none: No authentication at all (Use the instance role, if any)
  • user1/2: Use a specific IAM account with explicit credential. These account must be created manually. (They are not part of the terraform manifest mantionned above.)
  • single_gha1/2: Switch to such role

The second parameter is the target bucket name

# Using instance role will allow access to gha-common-1 bucket 
$ python py/main.py none gha-common-1
gha_common_content/xx.txt

# But not to gha1-primary-1 
$ python py/main.py none gha1-primary-1
ERROR: Unable to access bucket 'gha1-primary-1': An error occurred (AccessDenied) when calling the ListObjectsV2 operation: Access Denied

# Nor gha2-primary-1
$ python py/main.py none gha2-primary-1
ERROR: Unable to access bucket 'gha2-primary-1': An error occurred (AccessDenied) when calling the ListObjectsV2 operation: Access Denied

# Switching to single1_gha1 allow access to gha1-primary-1
$ python py/main.py single1_gha1  gha1-primary-1
gha1_primary1_content/xx.txt

# But not to gha2-primary-1 
$ python py/main.py single1_gha1  gha2-primary-1
ERROR: Unable to access bucket 'gha2-primary-1': An error occurred (AccessDenied) when calling the ListObjectsV2 operation: Access Denied

# Switching to single1_gha2 allow access to gha2-primary-1
$ python py/main.py single1_gha2  gha2-primary-1
gha1_primary2_content/xx.txt

go2s3's People

Contributors

sergealexandre avatar

Watchers

James Cloos avatar avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.