Skip to main content

Privacera Documentation

Preview: File Explorer for AWS S3

This feature is a preview.

Note

Contact Privacera Support to request enabling this feature.

You can browse AWS S3 buckets and their associated files and folders using the File Explorer for AWS S3 under your application name tabs. You can use the bucket to upload and retrieve data. You can control access by granting or denying permissions to users, groups, or roles through the resource policies associated with the bucket.

Prerequisites

  1. Be sure you have added access methods for AWS IAM Roles only.

    Note

    To use the AWS S3 signed URL, you must add the following property in the Application Properties > Custom Properties for the dataserver data resource. The property value can be any string.

    dataserver.shared.secret=<provide_any_value>
    
  2. Set up Cross-Origin Resource Sharing (CORS) on your S3 bucket. See AWS documentation on how to set up CORS. Use the following permission JSON to set up CORS:

    [
        {
            "AllowedHeaders": [
                "*"
            ],
            "AllowedMethods": [
                "PUT",
                "GET"
            ],
            "AllowedOrigins": [
                "https://privaceracloud.com"
            ],
            "ExposeHeaders": []
        }
    ]

Connect S3 Application

To access an AWS S3, connect the S3 application. For more information, see Connect S3 to PrivaceraCloud.

Modify Resource Policy

To browse the bucket and its objects, you must first create an S3 browsing policy. This policy should exist to execute list, read, write, and delete operations on the bucket and its objects.

  1. Navigate to Access Manager > Resource Policies, and then click the privacera_s3 repo.

    It will display the list of policies defined in the repo.

  2. Modify the default policy or create a new one. For more information on creating a policy, see Resource policies.

    1. In the Bucket Name field, add a bucket name to browse a specific bucket or add * in the field to browse all bucket.

    2. In the Object Path field, add * in the field to list objects in bucket.

    3. In the Allow Condition section, do the following:

      1. Under Permissions, click Add Permissions and select metadata read.

      2. Under Select Role, select a Role in which the user is present.

        Or

        Under Select Group, select public (not recommended).

        Note

        Its recommended to create a User Group, add the user to that group and select that group.

        Or

        Under Select User, select the user.

      3. Click Save.

File Explorer

To view the list of files and folders of a S3 bucket, do the following:

  1. Navigate to Data Inventory > File Explorer.

    Since the policy is enabled, all the S3 buckets under the application names tabs are displayed.

  2. On the File Explorer page, you can do the following actions:

    Action

    Description

    Refresh

    Refreshes the S3 buckets

    Search

    Search for a particular bucket

    Filter

    Hides or shows columns

    Create Folder

    Creates a folder

    Upload

    Uploads a file.

    Delete

    Deletes files or folders

    Calculate

    Calculates folder size

    Copy to Clipboard

    Copies the object path

Example

You can control access to the S3 bucket by managing the permissions in the policy. In this use case, you'll learn how to allow/restrict a user from uploading files to an S3 bucket, as well as how to monitor the activity in an audit log.

  1. Create a policy with Read and Write permissions.

  2. To upload a file, perform the following steps:

    1. Navigate to Data Inventory > File Explorer.

    2. Go to the S3 bucket where you want to upload the file.

    3. Click Upload.

      Add File popup is displayed.

    4. Choose the file to upload and click Upload button.

      The file is uploaded with a success message and seen in the listing.

    5. Navigate to Access Manager > Audits to view the audit log for the upload action.

  3. Edit the policy and remove the Write permission.

  4. To upload a file, perform the following steps:

    1. Navigate to Data Inventory > File Explorer.

    2. Click the tab of your application name, and select the S3 bucket where you want to upload the file.

    3. Click Upload, Add File popup is displayed.

    4. Choose the file to upload and click Upload button.

      "Access Denied" error message is displayed.

    5. Navigate to Access Manager > Audits to view the audit log for the denied upload action.