Hi Matthias, One possible way to achieve your need is to set a quota on number of buckets at user level (see https://docs.ceph.com/en/reef/radosgw/admin/#quota-management). Quotas are under admin control. Rgds, Peter Le dim. 1 oct. 2023, 10:51, Matthias Ferdinand <mf+ml.ceph@xxxxxxxxx> a écrit : > Hi, > > I am still evaluating ceph rgw for specific use cases. > > My question is about keeping the realm of bucket names under control of > rgw admins. > > Normal S3 users have the ability to create new buckets as they see fit. > This opens opportunities for creating excessive amounts of buckets, or > for blocking nice bucket names for other uses, or even using > bucketname-typosquatting as an attack vector. > > In AWS, I can create some IAM users and provide per-bucket access to > them via bucket or IAM user policies. These IAM users can't create new > buckets on their own. Giving out only those IAM credentials to users and > applications, I can ensure no bucket namespace pollution occurs. > > Ceph rgw does not have IAM users (yet?). What could I use here to not > allow certain S3 users to create buckets on their own? > > > Regards > Matthias > _______________________________________________ > ceph-users mailing list -- ceph-users@xxxxxxx > To unsubscribe send an email to ceph-users-leave@xxxxxxx > _______________________________________________ ceph-users mailing list -- ceph-users@xxxxxxx To unsubscribe send an email to ceph-users-leave@xxxxxxx
 |