Security

Create ACLs for API-driven cloud storage with CloudBerry Explorer

Cloud storage is a challenge for organizations in many ways, with security being one of the foremost concerns. IT pro Rick Vanover shows how to modify access control lists in cloud storage with a free tool.

For Amazon Web Services, there are effectively two cloud storage offerings. The first is Elastic Block Store, which functions like a disk attached to a server in a cloud instance. The other is the Simple Storage Service (S3) cloud. S3 is an API-driven storage platform that you can access through code or Web tools. This storage requires a different approach, but I believe it will definitely find a home for use cases such as data protection.

For the S3 cloud, when content is uploaded, there is an associated access control list (ACL) that goes with the object. This can allow public access for anyone with the URL to download the file, or you can create additional permission-based access. This is a very important configuration that, depending on the use case, can make or break your case for the cloud. One tool that is available in the space to manage these ACLs as well as other elements of S3 storage is the CloudBerry Explorer. I've mentioned them before on this blog for their quick action to have the Explorer product support additional storage providers in the cloud.

The ACL for the S3 cloud is flexible, yet not overwhelmingly complex. It is a quick read on the AWS documentation site, which explains how ACLs are applied. For modifying ACLs on S3-based storage, the CloudBerry Explorer tool allows this to be done directly in the intuitive graphical interface, as shown in Figure A. Figure A

Figure A

Click image to enlarge

Within CloudBerry Explorer, e-mail address access can be assigned as well as Web URLs can be obtained for access to the stored data. AWS introduces the concept of Grantees, which are owner, e-mail user, canonical user, AWS user group, anonymous group, and owner. Like other permission models, the endpoint access can be one of many things in this case for AWS.

The ACL configuration interface within CloudBerry Explorer can also assign rights to be propagated to subfolders and files, an important step in managing large amounts of data. If you are working with S3 storage, how are you managing your ACLs? Share your comments below/

About Rick Vanover

Rick Vanover is a software strategy specialist for Veeam Software, based in Columbus, Ohio. Rick has years of IT experience and focuses on virtualization, Windows-based server administration, and system hardware.

Editor's Picks

Free Newsletters, In your Inbox