Hi,

I am still evaluating ceph rgw for specific use cases.

My question is about keeping the realm of bucket names under control of
rgw admins.

Normal S3 users have the ability to create new buckets as they see fit.
This opens opportunities for creating excessive amounts of buckets, or
for blocking nice bucket names for other uses, or even using
bucketname-typosquatting as an attack vector.

In AWS, I can create some IAM users and provide per-bucket access to
them via bucket or IAM user policies. These IAM users can't create new
buckets on their own. Giving out only those IAM credentials to users and
applications, I can ensure no bucket namespace pollution occurs.

Ceph rgw does not have IAM users (yet?). What could I use here to not
allow certain S3 users to create buckets on their own?


Regards
Matthias
_______________________________________________
ceph-users mailing list -- ceph-users@ceph.io