Remote Network And System Administration Job In IT And Networking

Access to S3 folder using cross-domain IAM role


What we want to achieve is giving IAM users that are members of a group in AWS Account B access to a folder in an S3 bucket in Account A using a cross-domain IAM role. The folder to which the IAM user in Account B needs access is a folder with the same name as the IAM user in Account B. Exceptions need to be made possible, both from Account A and from Account B. Not necessarily both at the same time, since the setup will be different; I do realize that.

We have Account B, which has IAM users as part of a group that has an IAM policy that gives them the right to assume a role defined in Account A. The role in Account A has Account B as a trusted entity.

What is already set up and working?
- I have an IAM policy in Account A with a role defined that is linked to a trusted identity (= Account B).
- I have a test.user1 in Account B that has the correct assume role rights for the role in Account A that can access the bucket.
- Accessing this bucket works in the console using the switch role option. But the access is too wide at this moment.

I will provide some articles to the selected person through Toogit chat.

What still needs to be done? What are the deliverables for this job?
- Make it work in the AWS CLI using the assume role option. I didn't manage to get that working yet.
- Fine tune the IAM policy to make sure the users in account B can only write new objects, nothing else.
- Make sure username test.user1 can only write in folder test.user1 using an IAM variable aws:username.
- Figure out how to create extra policies in Account A to make sure users in Account B can have access to additional folders and test it
- Figure out how to create extra policies in Account B to make sure users in Account B can have access to additional folders and test it

Important remark: I need someone who has done this before and really understands this thoroughly or someone that has the time and has 2 AWS accounts to set it up in test.

About the recruiter
Member since Nov 11, 2022
Munna A
from Couffo, Benin

Skills & Expertise Required

DevOps Amazon 

Candidate shortlisted and hired

Hiring open till - Apr 22, 2024

Work from Anywhere

40 hrs / week

Fixed Type

Remote Job

$95.81

Cost
