[
https://issues.apache.org/jira/browse/RANGER-1974?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Don Bosco Durai reassigned RANGER-1974:
---------------------------------------
Assignee: Don Bosco Durai
> Ranger Authorizer and Audits for AWS S3
> ----------------------------------------
>
> Key: RANGER-1974
> URL: https://issues.apache.org/jira/browse/RANGER-1974
> Project: Ranger
> Issue Type: New Feature
> Components: Ranger
> Reporter: Srikanth Venkat
> Assignee: Don Bosco Durai
> Priority: Blocker
>
> As an enterprise security admin, I need to be able to define and manage
> authorization policies for data stored in AWS S3 so that I can manage my
> access control and authorization entitlements in hybrid and cloud
> environments along with other data in platforms that Ranger currently
> authorizes. This feature will should allow interoperability with AWS IAM
> policies and be able to gather audits from the native cloud audit
> capabilities such as via AWS CloudTrail.
> Implementation considerations:
> # AWS S3 IAM information: https://aws.amazon.com/documentation/iam/
> # AWS CloudTrail information:
> https://aws.amazon.com/documentation/cloudtrail/
> # This could be a policy mapping or sync mechanism (either online or
> offline) that will allow Ranger policy conditions, and user/group/role or
> other policy elements to be mapped to what is available in AWS IAM. This
> might entail having a different model where the Ranger plugin might not be
> running in the cloud native service and might require a proxy or other
> paradigms to be effective.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
