Archive for October, 2013

Shared Access Signature – Azure and AWS

October 17, 2013

We have used the Shared Access Signature feature in Azure quite a few times to achieve the Key Valet Pattern. Basically, it helps to give the outside world temporary read/write access to a private storage entity without having to share the security credentials for it. We have used SAS in Azure to provide remote devices, tools and utilities temporary access to upload files.

Basically, a shared access signature is a URI that grants restricted access rights to containers, blobs, queues, and tables for a specific time interval. By providing a client with a shared access signature, you can enable them to access resources in your storage account without sharing your account key with them.
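
The mechanism described above, as an added example (not from the original post, and not Azure's or AWS's actual wire format): the key holder signs the resource path, permissions and expiry with HMAC, and the service recomputes the signature before honoring the URL. The host `storage.example`, the demo key, the string-to-sign layout and the function names are assumptions; the `sp`/`se`/`sig` parameter names are borrowed from Azure SAS.

```python
import hashlib
import hmac
import time
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed demo secret: stands in for the account key, which never leaves the server.
ACCOUNT_KEY = b"demo-account-key-not-a-real-secret"


def _signature(path, perms, expiry):
    # Resource, permissions and expiry are all covered by the MAC,
    # so none of them can be changed without invalidating the URL.
    string_to_sign = "\n".join([path, perms, str(expiry)])
    return hmac.new(ACCOUNT_KEY, string_to_sign.encode(), hashlib.sha256).hexdigest()


def issue_url(path, perms, ttl_seconds, now=None):
    """Key holder side: mint a URL that carries its own time-limited grant."""
    now = int(time.time()) if now is None else now
    expiry = now + ttl_seconds
    query = urlencode({"sp": perms, "se": expiry, "sig": _signature(path, perms, expiry)})
    return f"https://storage.example{path}?{query}"


def authorize(url, needed_perm, now=None):
    """Service side: recompute the MAC, then check expiry and permission."""
    now = int(time.time()) if now is None else now
    parts = urlsplit(url)
    params = parse_qs(parts.query)
    try:
        perms, expiry, sig = params["sp"][0], int(params["se"][0]), params["sig"][0]
    except (KeyError, ValueError):
        return False  # missing or malformed grant parameters
    expected = _signature(parts.path, perms, expiry)
    # Constant-time comparison avoids leaking how many signature bytes matched.
    if not hmac.compare_digest(expected.encode(), sig.encode()):
        return False
    return now <= expiry and len(needed_perm) == 1 and needed_perm in perms
```

The client holding the URL can only do what was signed: editing the path, `sp` or `se` changes the string to sign, so the service rejects the request.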

To learn more about SAS in Azure, here are the links:

Create and Use a Shared Access Signature
Shared Access Signatures, Part 2: Create and Use a SAS with the Blob Service

How do I Achieve SAS in AWS?

Now, the interesting part: I was trying to implement a feature similar to SAS on AWS S3 storage. Basically, the idea is the same, the Key Valet Pattern: to be able to share read/write access on an S3 bucket or object with remote devices or utilities without sharing the security credentials.

For read access to an S3 object, AWS provides a pre-signed object URL, as described in the link below.

Generate Pre-signed Object URL using AWS SDK for .NET

For write access, that is, to be able to upload files into S3 objects, here is the way to do it in the .NET world:

Uploading to Amazon S3 with HTTP POST using the AWS SDK for .NET

Being from the Azure world, I had to spend time to reach these solutions in AWS, and I am sure there are a few developers like me who are looking for a similar solution in AWS.

Hope this is helpful.
