ranger-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Srikanth Venkat (JIRA)" <j...@apache.org>
Subject [jira] [Created] (RANGER-1974) Ranger Authorizer and Audits for AWS S3
Date Wed, 07 Feb 2018 17:27:00 GMT
Srikanth Venkat created RANGER-1974:
---------------------------------------

             Summary: Ranger Authorizer and Audits for AWS S3 
                 Key: RANGER-1974
                 URL: https://issues.apache.org/jira/browse/RANGER-1974
             Project: Ranger
          Issue Type: New Feature
          Components: Ranger
            Reporter: Srikanth Venkat


As an enterprise security admin, I need to be able to define and manage authorization policies
for data stored in AWS S3 so that I can manage my access control and authorization entitlements
in hybrid and cloud environments along with other data in platforms that Ranger currently
authorizes. This feature will should allow interoperability with AWS IAM policies and be
able to gather audits from the native cloud audit capabilities such as via AWS CloudTrail.

Implementation considerations:
 # AWS S3 IAM  information: https://aws.amazon.com/documentation/iam/
 # AWS CloudTrail information: https://aws.amazon.com/documentation/cloudtrail/
 # This could be a policy mapping or sync mechanism (either online or offline) that will
allow Ranger policy conditions, and user/group/role or other policy elements to be mapped
to what is available in AWS IAM. This might entail having a different model where the Ranger
plugin might not be running in the cloud native service and might require a proxy or other paradigms
to be effective.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Mime
View raw message