You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ranger.apache.org by "Srikanth Venkat (JIRA)" <ji...@apache.org> on 2018/02/07 17:27:00 UTC
[jira] [Created] (RANGER-1974) Ranger Authorizer and Audits for AWS
S3
Srikanth Venkat created RANGER-1974:
---------------------------------------
Summary: Ranger Authorizer and Audits for AWS S3
Key: RANGER-1974
URL: https://issues.apache.org/jira/browse/RANGER-1974
Project: Ranger
Issue Type: New Feature
Components: Ranger
Reporter: Srikanth Venkat
As an enterprise security admin, I need to be able to define and manage authorization policies for data stored in AWS S3 so that I can manage my access control and authorization entitlements in hybrid and cloud environments along with other data in platforms that Ranger currently authorizes. This feature will should allow interoperability with AWS IAM policies and be able to gather audits from the native cloud audit capabilities such as via AWS CloudTrail.
Implementation considerations:
# AWS S3 IAM information: https://aws.amazon.com/documentation/iam/
# AWS CloudTrail information: https://aws.amazon.com/documentation/cloudtrail/
# This could be a policy mapping or sync mechanism (either online or offline) that will allow Ranger policy conditions, and user/group/role or other policy elements to be mapped to what is available in AWS IAM. This might entail having a different model where the Ranger plugin might not be running in the cloud native service and might require a proxy or other paradigms to be effective.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)