I am configuring MinIO as S3 compatible storage.
Based on https://docs.aws.amazon.com/AmazonS3/latest/userguide/example-bucket-policies.html
I understood that I can limit access to the bucket using BUCKET level policy for particular user.
AWS example from the linked document:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "AddCannedAcl",
"Effect": "Allow",
"Principal": {
"AWS": [
"arn:aws:iam::111122223333:root",
"arn:aws:iam::444455556666:root"
]
},
"Action": [
"s3:PutObject",
"s3:PutObjectAcl"
],
"Resource": "arn:aws:s3:::DOC-EXAMPLE-BUCKET/*",
"Condition": {
"StringEquals": {
"s3:x-amz-acl": [
"public-read"
]
}
}
}
]
}
Let's consider 2 lines:
"arn:aws:iam::111122223333:root",
"arn:aws:iam::444455556666:root"
As I understand, 111122223333:root
and 444455556666:root
are user identifiers. But I haven't found any mc command which return me any user identifier? I also checked UI console, but I haven't found anything.
Although Minio states they are s3 compatible — they don't support it and the worst thing here that I was not able to find any information in Minio documentation about inconsistency with S3 API regarding my question.
But eventually, I was able to find a closed ticket on GitHub, and it is clearly stated that it won't be implemented. It must be in documentation.