Skip to content

Preview: File Explorer for AWS S3

This feature is a preview.

Contact Privacera Support to request enabling this feature.

With the File Explorer for AWS S3 you can browse S3 buckets and their files and folders. You can upload and retrieve the data to and from the bucket. With resource policies you associate with the bucket, you can control access by granting or denying permissions for users, groups, or roles.

Prerequisites#

  1. Be sure you have added the Data Access Server using AWS IAM Role only.

    Note

    To use the AWS S3 signed URL, you must add the following property in the Application Properties > Custom Properties for the dataserver data resource. The property value can be any string.

        dataserver.shared.secret=<provide_any_value>
    
  2. Set up Cross-Origin Resource Sharing (CORS) on your S3 bucket. Refer to AWS documentation on how to set-up CORS. Use the following permission JSON to set up CORS:

    [
        {
            "AllowedHeaders": [
                "*"
            ],
            "AllowedMethods": [
                "PUT",
                "GET"
            ],
            "AllowedOrigins": [
                "https://privaceracloud.com"
            ],
            "ExposeHeaders": []
        }
    ]
    

Connect S3 Application#

To access an AWS S3, connect the S3 application. See AWS S3.

Modify Resource Policy#

Navigate to Access Manager > Resource Policies. Click the privacera_s3 repo. It will display the list of policies defined in the repo.

Modify the default policy or create a new one. For more information on creating a policy, see Resource Policies.

In Bucker Name, add a bucket name to browse a specific bucket. To add all the buckets, add * in the field.

In Object Path, add an object path to browse the resources stored in the path. To add all the object paths, add * in the field.

In Allow Condition, add the following in the fields:

  • Permissions: Select metadata read.
  • Select Group: Select public.

File Explorer#

To view the list of files and folders of a S3 bucket, do the following:

  1. Navigate to Data Inventory > File Explorer.

    Since the policy is enabled, all the S3 buckets are displayed on the File Explorer page.

  2. On the File Explorer page, you can do the following actions:

    Action Description
    Refresh Refreshes the S3 buckets
    Search Search for a particular bucket
    Filter Hides or shows columns
    Create Folder Creates a folder
    Upload Uploads a file.
    Delete Deletes files or folders
    Calculate Calculates folder size
    Copy to Clipboard Copies the object path

Example#

By managing the permissions in the policy, you can provide access control on the S3 bucket. In this use case, you will see how you can allow/restrict a user from uploading files to a S3 bucket, and view the activity in an audit log.

  1. Create a policy with Read and Write permissions.

  2. Upload a file by performing the following steps:

    1. Navigate to Data Inventory > File Explorer.

    2. Go to the S3 bucket where you want to upload the file.

    3. Click Upload.

      Add File popup is displayed.

    4. Choose the file to upload and click Upload button.

      The file is uploaded with a success message and seen in the listing.

    5. Navigate to Access Manager > Audits to view the audit log for the upload action.

  3. Edit the policy and remove the Write permission.

  4. Upload a file by performing the following steps:

    1. Navigate to Data Inventory > File Explorer.

    2. Go to the S3 bucket where you want to upload the file.

    3. Click Upload, Add File popup is displayed.

    4. Choose the file to upload and click Upload button.

      "Access Denied" error message is displayed.

    5. Navigate to Access Manager > Audits to view the audit log for the denied upload action.


Last update: March 22, 2022