Expanding on the Example
info
For an example of how to use these new S3 buckets with the API or SDK, refer to the Quickstart.
S3 Buckets
- Although we created two buckets, a single bucket can serve as both source and destination.
warning
Exercise caution when moving or deleting objects so as not to mistakenly delete your precious input data.
Policies
- The various policies created in this tutorial have a broad scope (they grant access to entire S3 buckets). You may instead restrict them to a series of subfolders, with a trailing `/*` so that each entry matches the objects stored under that prefix, e.g.:

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Action": ["s3:GetObject"],
          "Resource": [
            "arn:aws:s3:::source-bucket-uniquename/folder_1/*",
            "arn:aws:s3:::source-bucket-uniquename/folder_2/*"
          ]
        }
      ]
    }
Users
- We created many users with very few permissions each, following the principle of least privilege. You may instead use a single user with all required permissions: simply attach all the required policies to this one user.
warning
Since you will be submitting access keys through the TitanQ API, it may be prudent to still limit the extent of what the attached policies
Credentials
- For increased security, credentials can be deactivated and reactivated as needed.
- They can be generated on demand (programmatically, through the AWS CLI or the SDKs available for many programming languages) and destroyed after each use.
info
A single user can have up to two Access Keys
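
The on-demand pattern described above, as an added example that is not part of the original tutorial: a context manager that checks the two-key limit, creates an access key, then deactivates and deletes it when the block exits, even on error. It assumes boto3 and an administrative identity allowed to manage the user's keys; the user name `titanq-source-reader` is hypothetical.

```python
"""Short-lived IAM access keys: create on demand, destroy after use."""
from contextlib import contextmanager

MAX_KEYS_PER_USER = 2  # IAM allows at most two access keys per user


@contextmanager
def ephemeral_access_key(iam, user_name):
    """Yield (access_key_id, secret_access_key), then destroy the key.

    `iam` is a boto3 IAM client (boto3.client("iam")) or any object with the
    same list_access_keys / create_access_key / update_access_key /
    delete_access_key methods.
    """
    existing = iam.list_access_keys(UserName=user_name)["AccessKeyMetadata"]
    if len(existing) >= MAX_KEYS_PER_USER:
        # Creating a third key would fail; stop before touching anything.
        raise RuntimeError(
            f"{user_name} already has {len(existing)} access keys; "
            "delete an unused one before creating another"
        )
    key = iam.create_access_key(UserName=user_name)["AccessKey"]
    key_id = key["AccessKeyId"]
    try:
        yield key_id, key["SecretAccessKey"]
    finally:
        # Deactivate first so the key stops working even if deletion fails.
        iam.update_access_key(
            UserName=user_name, AccessKeyId=key_id, Status="Inactive"
        )
        iam.delete_access_key(UserName=user_name, AccessKeyId=key_id)


if __name__ == "__main__":
    import boto3  # imported here so the helper has no hard dependency

    iam_client = boto3.client("iam")
    # Hypothetical user name; use the user created for bucket access.
    with ephemeral_access_key(iam_client, "titanq-source-reader") as (kid, secret):
        # Submit kid / secret with the request here; never log the secret.
        print("using temporary key", kid)
```

Keep the `with` block open until the service has finished reading from and writing to the buckets, since the key stops working as soon as the block exits.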