
Reply To: Question about accessing S3 bucket

  • ch34

    Member
    April 17, 2025 at 2:46 am

    Thanks for your answer.

    I’m not sure if we are talking about the same thing.

    Using S3 access points is a valid way to make fine-grained access control for this use case. This is not the problem with the answer, right? I could define several access points for each user/group and define the S3 prefix on which they apply and whether they have read/write permissions. This would satisfy the requirement of “ensuring that each scientist can only access files they own”, right?

    So only the requirement about logging which user accessed which files would still be open, right?

    Using S3 Server access doesn’t tell me which user accesses which files, right? It just shows the HTTP status code, time, etc.

    That’s why this solution doesn’t work (besides QuickSight)?

    If I’m using S3 access points, can I log S3 events via CloudTrail? If yes, then S3 Access points + CloudTrail + Athena would be a valid solution?

    Thanks again,

    Chris
