cloud-aws plugin: Option to explicitly set x-amz-acl: Private #14103
Assignees
Labels
:Distributed/Snapshot/Restore
Anything directly related to the `_snapshot/*` APIs
>enhancement
help wanted
adoptme
v2.1.0
v2.2.0
v5.0.0-alpha1
Comments
|
@dadoonet thoughts? |
|
It makes sense to me to support such an option. |
|
@JamesBromberger fancy sending a PR? |
|
Sorry, I'm not a Java dev, so I have no faith that any Java I would try would even compile. But a rough draft as a patch, totally untested, uncompiled, and unsure if this helps: |
|
Would be useful to also permit admins to set an "x-amz-acl" header of "bucket-owner-full-control" to enable sending snapshots to an S3 bucket owned by another account for escrow/compliance purposes and letting that separate account own the objects deposited there. http://docs.aws.amazon.com/AmazonS3/latest/dev/example-walkthroughs-managing-access-example3.html |
Merged
clintongormley
added
:Distributed/Snapshot/Restore
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
While ACL Private is a default, it would be nice to permit ElasticSearch nodes to explicitly set the desired ACL for the snapshots they create. This can then be validated by an S3 Bucket Policy, which can reject clients that try to upload objects to S3 that aren't set as Private.
http://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html
http://docs.aws.amazon.com/AmazonS3/latest/dev/using-iam-policies.html
The text was updated successfully, but these errors were encountered: