daknetworks.com


AWS S3, GovCloud and DropBox

So let's say that you need to share files with outside vendors. Historically, this is done through an FTP site. The problem is that FTP is insecure, really insecure: credentials and file contents travel in cleartext. So insecure that in 2014 (and for many years before) it shouldn't even exist (telnet belongs in the same category).

In more modern times, this is done through services like DropBox, Gdrive, OneDrive, etc; with DropBox seemingly leading the way.

The problem becomes that certain industries are not allowed to use DropBox, not because DropBox doesn't meet technological requirements but because DropBox doesn't meet regulations. One of these industries is Government.

In walks Amazon Web Services, or AWS. AWS has a number of cloud-based products. There are so many services, it's dizzying. I'd be lying if I said that I knew and understood them all.

Now take all of these services and boil them down to the top 12 absolutely necessary services. Now make sure that only US Persons are able to access these services. This is GovCloud.

One of the primary services of AWS & GovCloud is S3. S3 (Simple Storage Service) is basic cloud object storage.

Create a DIRECTORY (an S3 BUCKET) for the files to live in:

  • login to AWS GOVCLOUD.
  • click S3.
  • click CREATE BUCKET.

Create an OUTSIDE USER to access the S3:

  • login to AWS GOVCLOUD.
  • click IAM (or IDENTITY AND ACCESS MANAGEMENT).
  • click USERS > CREATE NEW USERS.
  • type in the USERNAME.
  • click CREATE (at the bottom right).
  • record the ID & KEY (you will not have another chance to do this).
  • click CLOSE > CLOSE.
  • click on the USER-YOU-JUST-CREATED.
  • scroll to bottom.
  • click MANAGE PASSWORD.
  • click APPLY (at the bottom right).
  • record the PASSWORD (you will not have another chance to do this).

The rest can be done through the AWS GOVCLOUD web site, but it's actually easier to use CLOUDBERRY S3 EXPLORER PRO. It costs $30 at the time of writing, but so what.

Assign USER to allow access to S3 bucket:

  • click ACCESS MANAGER (at the top).
  • click NEW POLICY WIZARD.
  • click NEXT.
  • bullet SELECT AN EXISTING IAM USER.
  • checkmark the OUTSIDE-USER.
  • select NEXT.
  • bullet GRANT READ & WRITE ACCESS TO SELECTED BUCKETS ONLY.
  • checkmark ALLOW USER ACCESS TO AWS CONSOLE.
  • click NEXT.
  • checkmark the S3 BUCKETS you want to allow access to.
  • click NEXT.

It will show you the STATEMENT (the IAM policy document) it is going to implement. This will work for AWS S3 but it won't work for GOVCLOUD. GOVCLOUD is a separate partition, so its RESOURCE NAMES (ARNs) start with arn:aws-us-gov: instead of arn:aws:, and a policy written against the wrong partition never matches the bucket. I'll spare you the rest of the details.

  • everywhere you see "aws", replace it with "aws-us-gov" (this took me an entire day to discover).
  • click NEXT > NEXT.
  • if it gives an error saying that a policy already exists... ignore it. We already know. We just created it.
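As an added example (not code from the original post, from AWS or from CloudBerry), here is what that STATEMENT boils down to, built in Python: a least-privilege policy giving one OUTSIDE USER read/write on one bucket, a check that flags every ARN in the wrong partition, and a rewrite that performs the "aws" to "aws-us-gov" fix on the partition field only, so it cannot mangle an ARN that is already correct. The bucket name vendor-exchange, the Sid labels and the function names are my own assumptions; the ARN forms, the policy Version and the S3 action names are the standard ones.

```python
import json
import re

# ARN partition prefixes. Commercial AWS ARNs start with "arn:aws:", GovCloud (US)
# ARNs with "arn:aws-us-gov:". A policy written for the wrong partition never
# matches the bucket, so every request is denied.
PARTITION_PREFIX = {"aws": "arn:aws:", "aws-us-gov": "arn:aws-us-gov:"}

# Matches the partition field of any ARN, e.g. "arn:aws-us-gov:s3:::bucket".
ARN_PARTITION = re.compile(r"^arn:([a-z][a-z-]*):")


def build_policy(bucket, partition="aws-us-gov"):
    """Least-privilege policy: read/write on ONE bucket, nothing else.

    Bucket name and Sid labels are illustrative. S3 bucket ARNs carry no
    region or account id, so the form is always arn:<partition>:s3:::<bucket>.
    """
    bucket_arn = f"{PARTITION_PREFIX[partition]}s3:::{bucket}"
    return {
        "Version": "2012-10-17",
        "Statement": [
            {   # Listing and locating the bucket are bucket-level actions.
                "Sid": "ListOnlyThisBucket",
                "Effect": "Allow",
                "Action": ["s3:ListBucket", "s3:GetBucketLocation"],
                "Resource": bucket_arn,
            },
            {   # Object actions need the object ARN (bucket/*), not the bucket ARN.
                "Sid": "ReadWriteObjectsInThisBucket",
                "Effect": "Allow",
                "Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"],
                "Resource": f"{bucket_arn}/*",
            },
            {   # The console needs the bucket list to show the one bucket it may open.
                "Sid": "ConsoleBucketList",
                "Effect": "Allow",
                "Action": "s3:ListAllMyBuckets",
                "Resource": f"{PARTITION_PREFIX[partition]}s3:::*",
            },
        ],
    }


def _resources(statement):
    """Resource may be a single ARN string or a list of them."""
    res = statement.get("Resource", [])
    return [res] if isinstance(res, str) else list(res)


def wrong_partition_arns(policy, expected="aws-us-gov"):
    """Return every Resource ARN whose partition differs from `expected`."""
    bad = []
    for stmt in policy["Statement"]:
        for arn in _resources(stmt):
            m = ARN_PARTITION.match(arn)
            if m and m.group(1) != expected:
                bad.append(arn)
    return bad


def repartition(policy, target="aws-us-gov"):
    """The 'replace aws with aws-us-gov' step, applied to the partition field only.

    A blind text replace of "aws" run over an ARN that is already correct turns
    it into "arn:aws-us-gov-us-gov:...". Rewriting only the ARN prefix is
    idempotent, so the fix can be re-run safely.
    """
    fixed = json.loads(json.dumps(policy))  # deep copy; leave the input untouched
    for stmt in fixed["Statement"]:
        res = stmt.get("Resource")
        if isinstance(res, str):
            stmt["Resource"] = ARN_PARTITION.sub(f"arn:{target}:", res)
        elif isinstance(res, list):
            stmt["Resource"] = [ARN_PARTITION.sub(f"arn:{target}:", a) for a in res]
    return fixed


if __name__ == "__main__":
    # What the wizard emits for the constructed bucket name (commercial partition),
    # then the GovCloud version that actually matches the bucket.
    wizard_output = build_policy("vendor-exchange", partition="aws")
    print("wrong partition:", wrong_partition_arns(wizard_output))
    print(json.dumps(repartition(wizard_output), indent=2))
```

Save the printed JSON to a file and attach it to the user with the AWS CLI, configured for a GovCloud region such as us-gov-west-1: `aws iam put-user-policy --user-name OUTSIDE-USER --policy-name vendor-exchange-rw --policy-document file://policy.json` (the user and policy names are placeholders). The three-statement split is deliberate: ListBucket only works against the bucket ARN, the object actions only against bucket/*, and nothing here grants access to any other bucket.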

Now you have 2 sets of credentials for the OUTSIDE USER: a USERNAME & PASSWORD they can type into the web console, and an ACCESS KEY ID & SECRET KEY they can use in a program.
