Wyllys Ingersoll <wyllys.ingersoll@xxxxxxxxxxxxxx> writes:
> In Mimic, how extensive is the S3 bucket policy support?
>
> I'm trying to configure a bucket to require encryption using the following
> policy, but it doesn't appear to have any effect, I can still upload
> unencrypted objects. I tried different variations on the policy structure
> but nothing seems to have any effect and I don't see anything in the logs
> (debug_rgw = 5/5).
The policy asks to deny PutObject requests when
s3:x-amz-server-side-encryption is not aws:kms. But if the string is not
supplied the condition is not evaluated.
Try an allow-based policy with StringEquals? also you might want to
restrict the Principal to a specific user/tenant if that is an intent ?
>
> {
> "Version": "2012-10-17",
> "Statement": [
> {
> "Effect": "Deny",
> "Principal": "*",
> "Action": "s3:PutObject",
> "Resource": "arn:aws:s3:::testing/*",
> "Condition": {
> "StringNotEquals": {
> "s3:x-amz-server-side-encryption": "aws:kms"
> }
> }
> }
> ]
> }
>
>
> Thanks,
> Wyllys Ingersoll
> _______________________________________________
> Dev mailing list -- dev@xxxxxxx
> To unsubscribe send an email to dev-leave@xxxxxxx
--
Abhishek Lekshmanan
SUSE Software Solutions Germany GmbH
GF: Felix Imendörffer, Mary Higgins, Sri Rasiah, HRB 21284 (AG Nürnberg)
_______________________________________________
Dev mailing list -- dev@xxxxxxx
To unsubscribe send an email to dev-leave@xxxxxxx
