You have a large organization, with numerous users requiring different access levels to the organization’s files. You need fine-grained control over user permissions, ensuring that users only get access to what they require to do their jobs. Adding and removing users should be easy and always available to the administrator. Another requirement is compliance – you cannot share your access keys with anyone, not even with a cloud-based solution. In fact, you need to run all services inside your own VPC, utilizing your own controls and procedures.
Yarkon Server is the solution for you. It runs in an AMI you host, so you don’t have to share your credentials with any provider. You don’t even need to enter the credentials anywhere. Just assign the proper role to the instance and it will pick up its credentials from the environment, without any human ever seeing the credentials, not even the administrator. For more, see
Use AWS IAM to have full control over user permissions. It is considered “best practice” to do it at the group level, but you can be more granular and create access policies at the user level. Then, use Yarkon with the Integrated Security Model or the Federated Security Model. User permissions will be exactly what you specified on the server side. You can even use the Yarkon Admin Console to verify what the permissions granted to the end users would be, quite helpful when you have a complex structure.
Check out this document for one way to set up your AWS organization.
You provide your users with a service that utilizes S3, such as a backup subscription, or a back-end service to which your clients must upload files for processing. You want to give them a simple user interface to use when accessing their files. However, you use only your own S3 account, so it is critical that different clients never have access to each other’s files.
You can use either Yarkon Cloud or Yarkon Server to meet your requirements. Make sure to set up your clients’ permissions as described in the document on setting up AWS for explicit client access. Using the Integrated Security Model or the Federated Security Model will ensure that user permissions are controlled.
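As an added illustration of the client isolation requirement above (not taken from the Yarkon documentation), the following Python sketch generates a per-client IAM policy and checks that one client cannot reach another client's objects. The bucket name, the `clients/<id>/` prefix layout and the function names are assumptions made for this example, and `allows` is a simplified checker, not AWS's full policy evaluation.

```python
import json
import re

def client_policy(bucket: str, client_id: str) -> dict:
    """IAM policy limiting one client to its own prefix (assumed layout: clients/<id>/)."""
    if not re.fullmatch(r"[A-Za-z0-9_-]+", client_id):
        raise ValueError("client_id must not contain wildcards or path separators")
    prefix = f"clients/{client_id}/"  # trailing slash keeps 'acme' from matching 'acme-2'
    return {
        "Version": "2012-10-17",
        "Statement": [
            {   # Listing is a bucket-level action, so scope it with the s3:prefix condition.
                "Effect": "Allow",
                "Action": ["s3:ListBucket"],
                "Resource": [f"arn:aws:s3:::{bucket}"],
                "Condition": {"StringLike": {"s3:prefix": [f"{prefix}*"]}},
            },
            {   # Object actions are scoped by the key prefix in the resource ARN.
                "Effect": "Allow",
                "Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"],
                "Resource": [f"arn:aws:s3:::{bucket}/{prefix}*"],
            },
        ],
    }

def _like(pattern: str, value: str) -> bool:
    # IAM-style wildcards: * matches any run of characters, ? exactly one.
    rx = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(rx, value, re.DOTALL) is not None

def allows(policy: dict, action: str, resource: str, s3_prefix: str = "") -> bool:
    """Simplified check: Allow statements only, StringLike on s3:prefix only."""
    for st in policy["Statement"]:
        if st["Effect"] != "Allow" or action not in st["Action"]:
            continue
        if not any(_like(r, resource) for r in st["Resource"]):
            continue
        wanted = st.get("Condition", {}).get("StringLike", {}).get("s3:prefix")
        if wanted is None or any(_like(p, s3_prefix) for p in wanted):
            return True
    return False

if __name__ == "__main__":
    # Constructed sample values: print the policy for a hypothetical client "acme".
    print(json.dumps(client_policy("example-shared-bucket", "acme"), indent=2))
```

Attach the generated policy to the IAM user or group that represents the client; the same check can be run in CI whenever a client policy template changes.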