When processing data in the cloud for somebody else (e.g. a customer), or when you want to share large amounts of data for other reasons, a good option is to use cloud storage directly. Besides DropBox (which requires a contract with a monthly fee for this kind of data) and other offerings, Amazon provides S3: you already get 5 GB of free S3 storage as part of the "Free Tier"; for anything else you simply pay for what you use. At the current price (August 2017) you pay $0.023 per GB for standard storage. Additionally you have to pay for access operations: PUT, COPY, POST, or LIST requests cost $0.005 per 1,000 requests, GET and all other requests $0.004 per 10,000 requests. Data transfers between S3 buckets or from S3 to any Amazon cloud service(s) within the same region are free; transfers to other regions or downloads via the internet incur additional charges. Please check the Amazon pages for current prices and conditions.

Using the excellent walk-through example from AWS, here is a condensed version of the set-up that worked for me. I needed to process large data files for a customer, let's call them DataHeros Ltd. here; downloading to my machine and uploading to the cloud would have been highly inefficient. FTP or other access to the customer data was not possible.

The main steps are:

  1. Create IAM profile for the customer
    – Sign in to AWS, create a new IAM user (let's call him/her "data-heros-ltd") with password but no permissions yet.
    – Also create a group (called "customers")
  2. Create S3 bucket with folder for the customer
    – Go to the S3 panel.
    – Create a bucket "my-company-bucket" and folders "customer-A", "customer-B", etc. Inside "customer-A" I create a subfolder "DataHeros-Ltd". All customers will see the initial list, but they don't need to see the actual names of other customers. At the same time the customer is sure that the second-level folder is the correct one for his/her data.
    Let's also create a folder "other-data" for just that, to which only I have access.
  3. Set permissions to allow access to this area only
    All customers (group) need list access to the bucket; the current customer DataHeros-Ltd needs write access to the "customer-A / DataHeros-Ltd" area.
    The permissions are set using:
    – the inline policy of the user data-heros-ltd: Policy 1 below
    – a policy attached to the group customers: Policy 2
    – the general Bucket Policy in the Permissions tab of the bucket: Policy 3, which includes your AWS account ID. You can find this on top of the billing console.
  4. From the console you can now customize the link to give to customers along with their username and password. They should be able to upload data to their folder using the web interface, which I can then process.

Policy 1:

```json
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AllowListBucketIfSpecificPrefixIsIncludedInRequest",
            "Action": [
                "s3:ListBucket"
            ],
            "Effect": "Allow",
            "Resource": [
                "arn:aws:s3:::my-company-bucket"
            ],
            "Condition": {
                "StringLike": {
                    "s3:prefix": [
                        "customer-A/*"
                    ]
                }
            }
        },
        {
            "Sid": "AllowUserToReadWriteObjectDataInDevelopmentFolder",
            "Action": [
                "s3:GetObject",
                "s3:PutObject",
                "s3:DeleteObject"
            ],
            "Effect": "Allow",
            "Resource": [
                "arn:aws:s3:::my-company-bucket/customer-A/*"
            ]
        }
    ]
}
```

Policy 2:

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowGroupToSeeBucketListAndAlsoAllowGetBucketLocationRequiredForListBucket",
      "Action": ["s3:ListAllMyBuckets", "s3:GetBucketLocation"],
      "Effect": "Allow",
      "Resource": ["arn:aws:s3:::*"]
    },
    {
      "Sid": "AllowRootLevelListingOfCompanyBucket",
      "Action": ["s3:ListBucket"],
      "Effect": "Allow",
      "Resource": ["arn:aws:s3:::my-company-bucket"],
      "Condition": {
        "StringEquals": {"s3:prefix": [""]}
      }
    },
    {
      "Sid": "RequireFolderStyleList",
      "Action": ["s3:ListBucket"],
      "Effect": "Deny",
      "Resource": ["arn:aws:s3:::*"],
      "Condition": {
        "StringNotEquals": {"s3:delimiter": "/"}
      }
    },
    {
      "Sid": "ExplictDenyAccessToPrivateFolderToEveryoneInTheGroup",
      "Action": ["s3:*"],
      "Effect": "Deny",
      "Resource": ["arn:aws:s3:::my-company-bucket/other-data/*"]
    },
    {
      "Sid": "DenyListBucketOnPrivateFolder",
      "Action": ["s3:ListBucket"],
      "Effect": "Deny",
      "Resource": ["arn:aws:s3:::*"],
      "Condition": {
        "StringLike": {"s3:prefix": ["other-data/"]}
      }
    }
  ]
}
```

Policy 3:

```json
{
    "Version": "2012-10-17",
    "Id": "Policy1502460168202",
    "Statement": [
        {
            "Sid": "Stmt1502460165827",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::MY-AWS-ID:root"
            },
            "Action": "s3:*",
            "Resource": "arn:aws:s3:::my-company-bucket/*"
        }
    ]
}
```
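
To check how Policy 1 and Policy 2 combine for the customer user, the following added example (not part of the original post or of the AWS walk-through) evaluates sample requests against both policies with a simplified model of IAM evaluation: an explicit Deny wins, then any Allow, otherwise the request is implicitly denied. The function names and the sample requests are constructed for illustration, and Policy 3 is not modelled.

```python
from fnmatch import fnmatchcase

BUCKET = "arn:aws:s3:::my-company-bucket"
ANY = "arn:aws:s3:::*"
# Policy 1 and Policy 2, condensed to (effect, actions, resources, condition).
STATEMENTS = [
    ("Allow", ["s3:ListBucket"], [BUCKET], {"StringLike": {"s3:prefix": ["customer-A/*"]}}),
    ("Allow", ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"],
     [BUCKET + "/customer-A/*"], {}),
    ("Allow", ["s3:ListAllMyBuckets", "s3:GetBucketLocation"], [ANY], {}),
    ("Allow", ["s3:ListBucket"], [BUCKET], {"StringEquals": {"s3:prefix": [""]}}),
    ("Deny", ["s3:ListBucket"], [ANY], {"StringNotEquals": {"s3:delimiter": ["/"]}}),
    ("Deny", ["s3:*"], [BUCKET + "/other-data/*"], {}),
    ("Deny", ["s3:ListBucket"], [ANY], {"StringLike": {"s3:prefix": ["other-data/"]}}),
]

def condition_holds(op, key, values, ctx):
    """Evaluate one condition operator against the request context."""
    actual = ctx.get(key)
    if op == "StringNotEquals":  # negated operators hold when the key is absent
        return actual is None or actual not in values
    if actual is None:
        return False
    if op == "StringEquals":
        return actual in values
    return any(fnmatchcase(actual, v) for v in values)  # StringLike

def matches(stmt, action, resource, ctx):
    """True when action, resource and every condition of the statement match."""
    _, actions, resources, cond = stmt
    return (any(fnmatchcase(action, a) for a in actions)
            and any(fnmatchcase(resource, r) for r in resources)
            and all(condition_holds(op, key, vals, ctx)
                    for op, keys in cond.items() for key, vals in keys.items()))

def decide(action, resource, ctx=None):
    """Explicit Deny wins, then any Allow, otherwise the request is implicitly denied."""
    effects = {s[0] for s in STATEMENTS if matches(s, action, resource, ctx or {})}
    if "Deny" in effects:
        return "Deny"
    return "Allow" if "Allow" in effects else "ImplicitDeny"

if __name__ == "__main__":
    # Constructed sample requests from the customer user.
    folder_list = {"s3:prefix": "customer-A/", "s3:delimiter": "/"}
    print(decide("s3:ListBucket", BUCKET, folder_list))
    print(decide("s3:ListBucket", BUCKET, {"s3:prefix": "customer-A/"}))
    print(decide("s3:PutObject", BUCKET + "/customer-A/DataHeros-Ltd/data.csv"))
    print(decide("s3:GetObject", BUCKET + "/other-data/report.csv"))
```

A listing of "customer-B/" comes back as ImplicitDeny rather than Deny: other customers' folders are protected only by the absence of an Allow, while "other-data" carries an explicit Deny.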