Remote Network And System Administration Job In IT And Networking

Access to S3 folder using cross-domain IAM role


What we want to achieve is giving IAM users that are members of a group in AWS Account B access to a folder in an S3 bucket in Account A using a cross-domain IAM role. The folder to which the IAM user in Account B needs access is a folder with the same name as the IAM user in Account B. Exceptions need to be made possible, both from Account A and from Account B. Not necessarily both at the same time since the setup will be different, I do realize that.

We have account B which has IAM users as part of a group that has an IAM policy that gives them the right to assume a role defined in Account A. The role in account A has account B as a trusted entity.

What is already set up and working?
- I have an IAM policy in account A with a role defined that is linked to a trusted identity (=Account B).
- I have a test.user1 in account B that has the correct assume role rights for the role in account A that can access the bucket.
- Accessing this bucket works in the console using the option switch role. But the access is too wide at this moment.

I will provide some articles to the selected person through Toogit chat.

What still needs to be done? What are the deliverables for this job?
- Make it work in the AWS CLI using the assume role option. I didn't manage to get that working yet.
- Fine tune the IAM policy to make sure the users in account B can only write new objects, nothing else.
- Make sure username test.user1 can only write in folder test.user1 using an IAM variable aws:username.
- Figure out how to create extra policies in Account A to make sure users in Account B can have access to additional folders, and test it.
- Figure out how to create extra policies in Account B to make sure users in Account B can have access to additional folders, and test it.

Important remark: I need someone who has done this before and really understands this thoroughly or someone that has the time and has 2 AWS accounts to set it up in test.

About the recruiter
Member since Mar 14, 2020
Simon Dumas
from Pennsylvania, United States

Skills & Expertise Required: DevOps, Amazon

- Open for hiring; apply before Nov 2, 2024
- Work from anywhere
- 40 hrs / week
- Fixed type
- Remote job
- Cost: $95.25
