
Edit S3 Bucket Policies


Last updated 6 months ago

This guide will explain how to manage access to your buckets and files. Managing bucket policies makes it easy for you to define security rules that apply to more than one file, including all files or some files in a bucket. First, run S3 Browser on your computer.

S3 Browser Icon

Make sure you have added a Deka Box account to S3 Browser. If not, press this link for further explanation. On the S3 Browser page, press the Bucket button and select Edit Bucket Policy.

Edit Bucket Policy

Default Policy

The Bucket Policy Editor window appears. In it you can see that the "test-bucket" bucket currently gives anyone permission to retrieve objects and to view the list of objects in the S3 bucket.

Please note that at this time the default policy allows access.

The following is an explanation of several elements used in the Bucket Policy Editor above.

  • In the Effect section

To permit the actions, use "Allow", written in the editor as "Effect": "Allow". To forbid them, use "Deny", written in the editor as "Effect": "Deny".

  • In the Principal section

In the image below, the Principal section uses "*", which means anyone can access the "test-bucket" bucket. If you want to specify which users are permitted, you need their Con ID. To find out the Con ID used, you can contact us.

  • In the Action section

  • In the Resources section

In this section, the bucket that will receive the actions allowed by the policy is defined.

Custom Bucket Policy

This section gives several examples of custom bucket policies.

Restrict Access to Certain IP Address

Use this policy if you want a bucket to be accessible only from a specific IP address range. Add a "Condition" element that contains the IP address range allowed to access the bucket. The statement below denies every action on the objects in the bucket when the request's source IP is outside 192.0.2.0/24.

{
    "Statement": [
        {
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:*",
            "Resource": "arn:aws:s3:::your-bucket/*",
            "Condition": {
                "NotIpAddress": {
                    "aws:SourceIp": "192.0.2.0/24"
                }
            }
        }
    ]
}

Read and Write Access to Specific Users

Use this policy if you want to grant read and write permissions only to specific Deka Box users that access the S3 bucket. The policy needs the Con ID of each user who is allowed to access the bucket in the Principal section. Contact the Cloudeka Team to find out the Con ID used.

{
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::con-id:user/user-name"
            },
            "Action": [
                "s3:GetObject",
                "s3:PutObject"
            ],
            "Resource": "arn:aws:s3:::your-bucket/*"
        }
    ]
}

Deny Access for Specific Users

This policy is required if you want to ensure that certain users cannot access certain buckets. For example, if another registered user is not permitted to access the content in bucket-2 due to security reasons or organizational policy, this policy will prevent that user from taking any action against the bucket and the objects in it.

{
    "Statement": [
        {
            "Effect": "Deny",
            "Principal": {
                "AWS": "arn:aws:iam::123456789012:user/user-ke2"
            },
            "Action": "s3:*",
            "Resource": [
                "arn:aws:s3:::bucket-2",
                "arn:aws:s3:::bucket-2/*"
            ]
        }
    ]
}
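As an added example (not Cloudeka's code), the sketch below evaluates the IP-restriction and read/write policies above against constructed requests, assuming Deka Box follows the standard S3 rule that an explicit Deny overrides any Allow. The evaluate function, its helpers and the request values are hypothetical, and only the IpAddress and NotIpAddress condition operators are handled.

```python
import fnmatch
import ipaddress

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _principal_matches(principal, who):
    # "*" means anyone; otherwise compare against the listed user ARNs.
    return principal == "*" or who in _as_list(principal.get("AWS", []))

def _condition_holds(condition, source_ip):
    ip = ipaddress.ip_address(source_ip)
    for operator, keys in condition.items():
        if operator not in ("IpAddress", "NotIpAddress"):
            raise ValueError(f"operator not handled in this sketch: {operator}")
        nets = [ipaddress.ip_network(c) for c in _as_list(keys["aws:SourceIp"])]
        inside = any(ip in net for net in nets)
        if inside != (operator == "IpAddress"):
            return False
    return True

def evaluate(policy, who, action, resource, source_ip):
    """Return 'Deny', 'Allow', or 'NoMatch' when no statement applies."""
    decision = "NoMatch"
    for st in policy["Statement"]:
        if not (_principal_matches(st["Principal"], who)
                and any(fnmatch.fnmatchcase(action, a) for a in _as_list(st["Action"]))
                and any(fnmatch.fnmatchcase(resource, r) for r in _as_list(st["Resource"]))
                and _condition_holds(st.get("Condition", {}), source_ip)):
            continue
        if st["Effect"] == "Deny":
            return "Deny"  # an explicit Deny overrides any Allow
        decision = "Allow"
    return decision

# Policies copied from this page; requests passed to evaluate() are constructed.
IP_ONLY = {"Statement": [{"Effect": "Deny", "Principal": "*", "Action": "s3:*",
    "Resource": "arn:aws:s3:::your-bucket/*",
    "Condition": {"NotIpAddress": {"aws:SourceIp": "192.0.2.0/24"}}}]}
READ_WRITE = {"Statement": [{"Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::con-id:user/user-name"},
    "Action": ["s3:GetObject", "s3:PutObject"],
    "Resource": "arn:aws:s3:::your-bucket/*"}]}
# Allow listed first to show that statement order does not weaken the Deny.
COMBINED = {"Statement": READ_WRITE["Statement"] + IP_ONLY["Statement"]}
```

Under the IP-restriction policy, a bucket-level request such as s3:ListBucket on arn:aws:s3:::your-bucket returns NoMatch, because its Resource names only your-bucket/*; the Deny policy for bucket-2 on this page lists both forms.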

Apply Bucket Policy

When you have finished configuring the policy, press the Apply button to save it.


You can add some actions that can be run which can be seen in the section in a Policy.
