In this post we are going to create an S3 bucket policy that makes the bucket read-only. We will deny all users the ability to create or remove objects in the bucket.
Creating a policy with policy generator
AWS provides a user-friendly tool to create policies. Based on the selected options, the tool generates a policy in JSON format.
Here we are creating a Deny policy for all Principals. Under Actions we select PutObject and DeleteObject. Make sure to enter the ARN with the correct bucket name – arn:aws:s3:::hirw-test-bucket/* . In this example we are protecting hirw-test-bucket.
Click generate policy and copy the JSON.
Go back to the AWS S3 console and open the bucket.
Paste the JSON under Bucket Policy by clicking Edit.
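The post does not show the generated JSON, so the following is an added example, not output from the policy generator or code from the original post. It builds a policy equivalent to the selections described above and checks which object-level write actions it leaves undenied; the Sid, the WRITE_ACTIONS list and the helper names are assumptions of the example, and the matcher is simplified (no NotAction or NotPrincipal handling).

```python
import json
from fnmatch import fnmatchcase

BUCKET = "hirw-test-bucket"  # bucket name used in the post

# Equivalent of the generator choices above: Deny, all principals,
# PutObject + DeleteObject, object ARN of the bucket. Sid is constructed.
POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "DenyObjectWrites",
        "Effect": "Deny",
        "Principal": "*",
        "Action": ["s3:PutObject", "s3:DeleteObject"],
        "Resource": f"arn:aws:s3:::{BUCKET}/*",
    }],
}

# Object-level write actions to audit; this selection is an assumption
# of the example, the post itself only denies the first two.
WRITE_ACTIONS = ["s3:PutObject", "s3:DeleteObject",
                 "s3:DeleteObjectVersion", "s3:PutObjectAcl"]

def _as_list(value):
    return value if isinstance(value, list) else [value]

def denied_for_everyone(policy, action, resource):
    """True if an unconditional Deny for all principals matches the request."""
    for st in _as_list(policy.get("Statement", [])):
        if st.get("Effect") != "Deny" or "Condition" in st:
            continue  # conditional denies do not guarantee read-only
        if st.get("Principal") not in ("*", {"AWS": "*"}):
            continue
        actions = [a.lower() for a in _as_list(st.get("Action", []))]
        resources = _as_list(st.get("Resource", []))
        if (any(fnmatchcase(action.lower(), a) for a in actions)
                and any(fnmatchcase(resource, r) for r in resources)):
            return True
    return False

def uncovered_writes(policy, bucket):
    """Write actions on the bucket's objects that the policy does not deny."""
    arn = f"arn:aws:s3:::{bucket}/any/key"
    return [a for a in WRITE_ACTIONS if not denied_for_everyone(policy, a, arn)]

if __name__ == "__main__":
    print(json.dumps(POLICY, indent=2))  # paste-ready bucket policy JSON
    print("not denied:", uncovered_writes(POLICY, BUCKET))
```

On a bucket with versioning enabled or with ACLs in use, the two actions reported as not denied are worth adding to the Deny statement.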
Check bucket permissions
Currently we have only one file in the hirw-test-bucket:
[osboxes@wk1 ~]$ aws s3 ls s3://hirw-test-bucket
2020-11-18 19:05:41 26 test-file
Let’s try to upload an object and recursively remove objects from the bucket. As you can see, both operations get an “Access Denied” error.
[osboxes@wk1 ~]$ aws s3 cp test-file2 s3://hirw-test-bucket
upload failed: ./test-file2 to s3://hirw-test-bucket/test-file2 An error occurred (AccessDenied) when calling the PutObject operation: Access Denied
[osboxes@wk1 ~]$ aws s3 rm --recursive s3://hirw-test-bucket
delete failed: s3://hirw-test-bucket/test-file An error occurred (AccessDenied) when calling the DeleteObject operation: Access Denied
[osboxes@wk1 ~]$ aws s3 ls s3://hirw-test-bucket
2020-11-18 19:05:41 26 test-file