Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Utilize aws s3 ls instead of s3api head-bucket to check for access before barman-cloud-backup execution #929

Open
benjamin-schilling-csq opened this issue Jun 6, 2024 · 0 comments
Open

Utilize aws s3 ls instead of s3api head-bucket to check for access before barman-cloud-backup execution #929

benjamin-schilling-csq opened this issue Jun 6, 2024 · 0 comments
Labels
enhancement triage

Comments

@benjamin-schilling-csq
Copy link

barman-cloud-backup currently uses the head-bucket operation of the s3api to check for existence and access to the targeted S3 bucket. For those trying to write restricted policy to prefixes within the bucket, the only thing that allows head-bucket to properly work is to allow ListBucket to the entirety of the bucket. If using the equivalent of aws-cli s3 ls, the policy can allow for checking that the root of the bucket exists while also restricting prefixes levels below the root of the bucket, permitting for a more secure solution.

If this is a feasible feature request it would be greatly appreciated if it could be implemented.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement triage
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@martinmarques @benjamin-schilling-csq