- Notes, cautions, and warnings
- Overview
- Getting Started with ECS
- Storage Pools, VDCs, and Replication Groups
- Authentication Providers
- Namespaces
- Users and Roles
- Identity and Access Management (S3)
- Buckets
- Introduction to buckets
- Working with buckets in the ECS Portal
- Create a bucket using the S3 API (with s3curl)
- Bucket, object, and namespace naming conventions
- Disable unused services
- File Access
- Introduction to file access
- ECS multi-protocol access
- Working with NFS exports in the ECS Portal
- Working with user/group mappings in the ECS Portal
- ECS NFS configuration tasks
- Mount an NFS export example
- NFS access using the ECS Management REST API
- NFS WORM (Write Once, Read Many)
- S3A support
- Geo-replication status
- Maintenance
- Certificates
- ECS Settings
- ECS Outage and Recovery
- Advanced Monitoring
- Advanced Monitoring
- View Advanced Monitoring Dashboards
- View mode
- Export CSV
- Data Access Performance - Overview
- Data Access Performance - by Namespaces
- Data Access Performance - by Nodes
- Data Access Performance - by Protocols
- Disk Bandwidth - by Nodes
- Disk Bandwidth - Overview
- Node Rebalancing
- Process Health - by Nodes
- Process Health - Overview
- Process Health - Process List by Node
- Recovery Status
- SSD Read Cache
- Tech Refresh: Data Migration
- Top Buckets
- Automatic Metering Reconstruction
- Share Advanced Monitoring Dashboards
- View Advanced Monitoring Dashboards
- Flux API
- Dashboard APIs
- Advanced Monitoring
- Document feedback
ECS 3.6.1 Administration Guide
Access Management
Access is managed by creating policies and attaching them to IAM identities or resources.
Policies
A policy is an object that when associated with an identity or resource defines their permissions. Permissions in the policies determine if the request is permitted or denied. Policies are stored in JSON format. ECS IAM enables creation, modification, listing, assigning, and deletion of policies on an identity or resource.
The following policy types are supported:
| Policies | Description |
|---|---|
| Identity-based policies | Policies that are assigned to users, groups, and roles which grant permissions to an identity.
|
| Resource-based policies | These are inline policies that are assigned to an ECS resource that grants specified principal permission to perform specific action on the resource.
|
| Permission Boundaries | Use a managed policy as the permissions boundary for an IAM entity (user or role). That policy defines the maximum permissions that the identity-based policies can grant to an entity, but does not grant permissions. Permissions boundaries do not define the maximum permissions that a resource-based policy can grant to an entity. |
| Session policies | Session policies are used with AssumeRole and AssumeRoleWithSAML APIs. Session policies limit the permissions that the role or user's identity-based policies grant to the session. Session policies limit permissions for a created session, but do not grant permissions. |
| Access Control Lists (ACLs) | Tweaked existing ECS ACLs on buckets and objects to support IAM use cases. ACLs are cross-account permissions policies that grant permissions to the specified principal. ACLs cannot grant permissions to entities within the same account. |
ECS IAM protects the following resources:
- Object Head API
- S3 (buckets and objects)
- STS APIs
- AssumeRole (Provides temporary credentials for cross account access)
- AssumeRoleWithSAML (Provides temporary credentials for SAML authenticated users)
- IAM API
ACLs
Access control lists enable to manage access to objects and buckets. An ACL is attached to all objects and buckets.
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please select whether the article was helpful or not.
Comments cannot contain these special characters: <>()\