
Privacera Documentation

Configure AWS S3 resource policies

Privacera lets you define resource policies for AWS S3. A policy identifies the S3 resources it covers (a bucket and an object path, with optional recursion into sub-folders) and the permissions granted on them. The fields are:

  • Bucket Name: Specify the bucket name. For example: aws-athena-query-result

    Note: Wildcard characters such as '*' are allowed if you want to give access to all buckets. A wildcard bucket extends the policy's permissions to every bucket the connector can see, so use it only when that is intended.

  • Object Path: Specify the object path (key prefix) within the bucket. It accepts the wildcard character '*'.

    • Recursive: The policy covers the object path and everything stored beneath it, so you can view the folder, its sub-folders and their files.

    • Non-recursive: The policy covers only the object path itself, so you can view just the specific folder named by the path and nothing stored beneath it.

Example:

If the Bucket name is bucket-AWS and the Object path is path1, the policy is evaluated against locations such as:

  • Sample 1: s3://bucket-AWS/path1/

  • Sample 2: s3://bucket-AWS/path1/path2/

If the Recursive toggle is enabled (the default behavior), the policy matches both locations and you can view all files under path1, including those in the path1/path2 folder.

If the Recursive toggle is disabled, the policy matches only the path1 resource itself. The files stored inside path1 (and inside path1/path2) are separate resources that the policy does not cover, so you won't be able to view any files in the path1 folder.

  • Allow Conditions:

    • Permissions:

      • Read: READ permission on the location permits the user to read from it, for example HiveServer2 operations that use S3 as a data source for Hive tables.

      • Write: WRITE permission on the location permits the user to write to it, for example HiveServer2 operations that write data to the specified S3 location.

      • Delete: DELETE permission allows the user to delete objects at the location.

      • Metadata Read: METADATA READ permission allows the user to run HEAD operations on objects, list buckets, list objects, and retrieve object metadata.

      • Metadata Write: METADATA WRITE permission allows the user to modify object metadata, including an object's ACL and tags, and CORS configuration.

      • Admin: Administrators can edit or delete the policy, and can also create child policies based on the original policy. Admin governs the policy itself rather than access to the S3 data.
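To make the matching and permission rules above concrete, here is an added Python evaluator that models the policy fields on this page. It is an illustrative example, not Privacera's own code: how '*' is expanded, how the recursive toggle changes path matching, and the mapping from S3 API operations (GetObject, HeadObject, PutObjectAcl, ...) to the permission names listed above are assumptions made for the example, derived from the field descriptions. The user name analyst and the object keys in page_example are constructed sample data.

```python
"""Illustrative evaluator for the S3 resource-policy fields described above.

Added example, not Privacera's own code. The matching rules and the mapping
from S3 operations to permission names are assumptions derived from the page.
"""
import re
from dataclasses import dataclass

# Permission names as listed on the page.
READ, WRITE, DELETE = "read", "write", "delete"
METADATA_READ, METADATA_WRITE = "metadata_read", "metadata_write"

# Assumed mapping of S3 API operations to the permission that covers them,
# following the page's descriptions (HEAD and list calls need METADATA READ;
# ACL, tagging and CORS changes need METADATA WRITE). Operations that are not
# listed here are denied by default.
OPERATION_PERMISSION = {
    "GetObject": READ,
    "PutObject": WRITE,
    "DeleteObject": DELETE,
    "HeadObject": METADATA_READ,
    "ListObjectsV2": METADATA_READ,
    "PutObjectAcl": METADATA_WRITE,
    "PutObjectTagging": METADATA_WRITE,
    "PutBucketCors": METADATA_WRITE,
}


def wildcard_regex(pattern: str) -> "re.Pattern[str]":
    """Compile a policy field containing '*' wildcards into an anchored regex.

    '*' matches any run of characters, including '/', so 'path1/*' covers
    'path1/path2/file.csv' even with the recursive toggle disabled.
    """
    return re.compile(".*".join(re.escape(p) for p in pattern.split("*")) + r"\Z")


@dataclass(frozen=True)
class S3Policy:
    bucket: str            # e.g. "aws-athena-query-result" or "*"
    object_path: str       # e.g. "path1" or "path1/*"
    users: frozenset       # users named in the allow condition
    permissions: frozenset # subset of the permission names above
    recursive: bool = True # the toggle's default on the page

    def matches_bucket(self, bucket: str) -> bool:
        return wildcard_regex(self.bucket).match(bucket) is not None

    def matches_path(self, key: str) -> bool:
        """Non-recursive: the key itself must match the object path.

        Recursive: the key or any of its parent "folders" must match, so a
        policy on 'path1' also covers 'path1/path2/report.csv'.
        """
        pattern = wildcard_regex(self.object_path.strip("/"))
        key = key.strip("/")
        if not self.recursive:
            return pattern.match(key) is not None
        parts = key.split("/")
        ancestors = ["/".join(parts[:i]) for i in range(1, len(parts) + 1)]
        return any(pattern.match(a) for a in ancestors)

    def allows(self, user: str, bucket: str, key: str, operation: str) -> bool:
        """Default-deny: every condition must hold for the request to pass."""
        needed = OPERATION_PERMISSION.get(operation)
        return (
            needed is not None
            and user in self.users
            and needed in self.permissions
            and self.matches_bucket(bucket)
            and self.matches_path(key)
        )


def evaluate(policies, user, bucket, key, operation) -> bool:
    """A request is allowed if any policy in the set allows it (allow conditions only)."""
    return any(p.allows(user, bucket, key, operation) for p in policies)


def page_example(recursive: bool) -> dict:
    """Reproduce the page's sample: bucket 'bucket-AWS', object path 'path1',
    READ granted to the constructed user 'analyst'. Returns, per constructed
    object key, whether a GetObject request is allowed."""
    policy = S3Policy("bucket-AWS", "path1", frozenset({"analyst"}),
                      frozenset({READ, METADATA_READ}), recursive=recursive)
    keys = ["path1/report.csv", "path1/path2/report.csv", "path3/report.csv"]
    return {k: evaluate([policy], "analyst", "bucket-AWS", k, "GetObject") for k in keys}


if __name__ == "__main__":
    for flag in (True, False):
        print(f"recursive={flag}: {page_example(flag)}")
```

With the toggle enabled, page_example reports both path1/report.csv and path1/path2/report.csv as allowed and path3/report.csv as denied; with it disabled, all three are denied because only the path1 resource itself matches. Two points worth noting when writing real policies: a '*' in the object path crosses folder boundaries regardless of the recursive setting, and the evaluator denies any operation it has no permission mapping for rather than guessing.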