[
https://issues.apache.org/jira/browse/RANGER-1974?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16356337#comment-16356337
]
Balaji Ganesan commented on RANGER-1974:
----------------------------------------
[~srikvenk] Thanks for creating this. I believe we have a similar requirement
in [Ranger-1300|https://issues.apache.org/jira/browse/RANGER-1300], though we
have not progressed beyond initial discussions. Should we merge the 2 tickets?
cc [~GodenYao] [~aloklal99] [~bosco]
> Ranger Authorizer and Audits for AWS S3
> ----------------------------------------
>
> Key: RANGER-1974
> URL: https://issues.apache.org/jira/browse/RANGER-1974
> Project: Ranger
> Issue Type: New Feature
> Components: Ranger
> Reporter: Srikanth Venkat
> Priority: Blocker
>
> As an enterprise security admin, I need to be able to define and manage
> authorization policies for data stored in AWS S3 so that I can manage my
> access control and authorization entitlements in hybrid and cloud
> environments along with other data in platforms that Ranger currently
> authorizes. This feature will should allow interoperability with AWS IAM
> policies and be able to gather audits from the native cloud audit
> capabilities such as via AWS CloudTrail.
> Implementation considerations:
> # AWS S3 IAM information: https://aws.amazon.com/documentation/iam/
> # AWS CloudTrail information:
> https://aws.amazon.com/documentation/cloudtrail/
> # This could be a policy mapping or sync mechanism (either online or
> offline) that will allow Ranger policy conditions, and user/group/role or
> other policy elements to be mapped to what is available in AWS IAM. This
> might entail having a different model where the Ranger plugin might not be
> running in the cloud native service and might require a proxy or other
> paradigms to be effective.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
