The latest articles on DEV Community by codebytesfl (@codebytesfl). https://dev.to/codebytesfl https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F514570%2F1e29f7b6-6d51-4593-9856-d73fecdfcb2f.png https://dev.to/codebytesfl en codebytesfl Thu, 26 May 2022 20:39:14 +0000 https://dev.to/codebytesfl/aws-ec2-tag-based-folder-access-to-s3-461k https://dev.to/codebytesfl/aws-ec2-tag-based-folder-access-to-s3-461k <p>Recently I have been developing a multi tenant system in where each user was assigned an EC2 that contained a full stack deployment of a web app. This EC2 also needed to have access to access to a folder in a S3 bucket where the tenant could upload anything they want <strong>but only to their designated folder</strong> in the bucket.</p> <p>This posed quite a challenge to make this scaleable (i.e I want to make the policy once, and it should scale regardless of how many tenant I sign on) as I discovered many different account limitations with different approaches. </p> <p>One method of achieving this was to assign 1 IAM User per Tenant. I can then make a policy that is attached to each user saying that "<strong>Tenant X</strong> can only access <strong>X Folder</strong> in this bucket". Great solution, but we have our first hiccup. </p> <p><strong>AWS limits the amount of users to 5,000.</strong> This means I can only onboards up to 5000 tenants before having to create another AWS account. Not ideal.</p>