Privacera Documentation

Configure access policies for AWS services on Privacera Platform

Use Access Management to configure resource-based services and add access policies to them.

Set up a data access server environment

  1. From the home page, click Launch Pad.

  2. Click AWS Cli and follow the prompts.

Set up proxy for user

  • From a terminal prompt, enable the proxy.

    ~/privacera_aws.sh --enable-proxy

Use S3 with data access server

  1. From a terminal prompt, list the contents of test-bucket. The bucket name test-bucket (${test-bucket}) is used as an example throughout this document; replace it with your own bucket name.

    aws s3 ls s3://test-bucket

  2. From a terminal prompt, copy a local file to test-bucket.

    aws s3 cp srcFile.txt s3://test-bucket/dstFile.txt

    The command fails with the following result:

    upload failed: ./srcFile.txt to s3://test-bucket/dstFile.txt An error occurred (403) when calling the PutObject operation: Forbidden

    The 403 response indicates that the current user doesn’t have permission to perform this operation.

Set S3 policy in Privacera

Create a policy to allow the user access to test-bucket for READ and WRITE operations.

  1. From the home page, click Access Management > Resource Policies.

  2. On the Resource Policies page, click privacera_s3 > Add New Policy.

  3. Enter the details.

    • Policy Name: s3_test_policy

    • Bucket Name: test-bucket (S3 Bucket Name)

    • Object Path: * (File/Directory/Object Path Inside Bucket)

    • Under Allow Conditions, click '+' and select:

      • User: The username of the user to whom you want to allow access.

      • Add Permission as: read, metadata read, write, metadata write

  4. Click Save.

Copy a file to S3

  1. From a terminal prompt, copy the local file to test-bucket.

    aws s3 cp srcFile.txt s3://test-bucket/dstFile.txt

  2. Verify that the copy was successful.

    aws s3 ls s3://test-bucket/
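
To make the before-and-after check in this procedure repeatable, the following added example (not part of the Privacera documentation) classifies the result of an S3 command run through the proxy as allowed, denied by policy, or failed for another reason. The function names and the SAMPLE_DENIED variable are assumptions made for illustration; the sample text is the 403 message shown earlier on this page.

```shell
#!/usr/bin/env bash
# Added example: tell a policy denial apart from success and from unrelated failures.
# Function names are hypothetical; only the aws CLI commands come from the page.

# classify_s3_result EXIT_CODE OUTPUT
# Prints one of: allowed | denied:<Operation> | error
classify_s3_result() {
  local rc="$1" out="$2" op
  if [ "$rc" -eq 0 ]; then
    echo "allowed"
    return 0
  fi
  # AWS CLI error line: An error occurred (<code>) when calling the <Op> operation: <msg>
  # The page shows code 403; AccessDenied is the named form the CLI also reports.
  if printf '%s\n' "$out" |
     grep -Eq 'An error occurred \((403|AccessDenied)\) when calling the [A-Za-z0-9]+ operation'; then
    op=$(printf '%s\n' "$out" |
         sed -nE 's/.*when calling the ([A-Za-z0-9]+) operation.*/\1/p' | head -n 1)
    echo "denied:${op}"
    return 0
  fi
  # Anything else (network failure, missing file, bad arguments) is not a policy decision.
  echo "error"
}

# check_write BUCKET SRC DST EXPECTED
# Runs the copy from the page and succeeds only if the outcome matches EXPECTED.
check_write() {
  local bucket="$1" src="$2" dst="$3" expected="$4" out rc result
  out=$(aws s3 cp "$src" "s3://${bucket}/${dst}" 2>&1) && rc=0 || rc=$?
  result=$(classify_s3_result "$rc" "$out")
  echo "write to ${bucket}: ${result} (expected ${expected})"
  [ "$result" = "$expected" ]
}

# Constructed sample: the 403 output quoted on this page.
SAMPLE_DENIED='upload failed: ./srcFile.txt to s3://test-bucket/dstFile.txt An error occurred (403) when calling the PutObject operation: Forbidden'

# Before saving s3_test_policy: check_write test-bucket srcFile.txt dstFile.txt denied:PutObject
# After saving s3_test_policy:  check_write test-bucket srcFile.txt dstFile.txt allowed
```

An "error" result means the request never reached a policy decision, so it should not be read as proof that access is blocked.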