Cloud Firewall for Object Storage
Hi, will it be possible to apply a Cloud Firewall to Object Storage? This would be extremely useful, for example to allow you to prevent direct access to a bucket for everyone except through Cloudflare.
3 Replies
Hey there,
The Cloud Firewalls service, once in wide release, will allow you to manage your Linodes' firewall rules directly from the Cloud Manager and Linode API. Though still in Beta, it's not designed for use with Object Storage.
With that in mind it sounds like you would benefit from strict bucket policies and ACLs. Below are a few guides that may help with that:
How to Use Object Storage ACLs and Bucket Policies - This general guide outlines how to create and enact rules for your Object Storage Buckets.
Block S3 Traffic by IP - This guide about S3 may prove useful here since Object Storage is S3 Compatible.
Restrict S3 Buckets to CloudFlare IPs Only - This post from Medium takes this a step further and seems to tackle your exact use case in which you want to restrict access based on CloudFlare IPs.
While I haven't tried this myself, it looks like these guides may help you find a suitable solution to your desire for more secure Object Storage Buckets.
One additional resource for securing your Object Storage Buckets / Objects would be our guide on How to Use Server-Side Encryption with Linode Object Storage. Server-side encryption secures data on Linode Object Storage. Using your own encryption key, Linode will encrypt your data at the object level prior to storing it to disk.
Cheers!
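The IP-restriction approach from the guides linked above, as an added example that is not part of the original replies and not Linode's own code: it builds an S3-style bucket policy that allows public reads but denies them from outside an allow list, then dry-runs the Deny rule locally. It assumes the service honors the `aws:SourceIp` condition key the way S3 does; the bucket name, the CIDR ranges (documentation address space) and the function names are constructed placeholders.

```python
import ipaddress
import json

# Constructed placeholder ranges (RFC 5737 / RFC 3849 documentation space).
# Replace them with the ranges your CDN currently publishes.
ALLOWED_CIDRS = ["198.51.100.0/24", "203.0.113.0/24", "2001:db8::/32"]


def build_policy(bucket, cidrs):
    """Return an S3-style policy: public read, denied outside `cidrs`."""
    # strict=True rejects entries with host bits set, e.g. 198.51.100.7/24
    nets = [str(ipaddress.ip_network(c, strict=True)) for c in cidrs]
    if not nets:
        raise ValueError("refusing to build a policy with an empty allow list")
    resource = [f"arn:aws:s3:::{bucket}/*"]
    everyone = {"AWS": ["*"]}
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Sid": "PublicRead", "Effect": "Allow", "Principal": everyone,
             "Action": ["s3:GetObject"], "Resource": resource},
            # The Deny is scoped to s3:GetObject only, so the bucket owner
            # can still change or delete the policy from any address.
            {"Sid": "DenyOutsideAllowList", "Effect": "Deny",
             "Principal": everyone,
             "Action": ["s3:GetObject"], "Resource": resource,
             "Condition": {"NotIpAddress": {"aws:SourceIp": nets}}},
        ],
    }


def would_allow_read(policy, source_ip):
    """Local dry run of the Deny statements for one client address."""
    ip = ipaddress.ip_address(source_ip)
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Deny":
            continue
        nets = stmt["Condition"]["NotIpAddress"]["aws:SourceIp"]
        # An explicit Deny wins over the Allow when no range matches.
        if not any(ip in ipaddress.ip_network(n) for n in nets):
            return False
    return True


if __name__ == "__main__":
    policy = build_policy("example-bucket", ALLOWED_CIDRS)
    print(json.dumps(policy, indent=2))
```

The printed JSON can be saved to a file and applied with an S3-compatible client, for example `s3cmd setpolicy policy.json s3://example-bucket`. Re-generate it whenever the CDN's published ranges change, since a stale allow list blocks legitimate edge nodes.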
@jecochard That "Block S3 Traffic by IP" looks like a solution! But where would this policy be configured on Linode Object Storage?
In case you are looking to abstract direct access to object storage and grant web-based access to users at the file or folder level, you can check the app NirvaShare, available in the Marketplace:
https://www.linode.com/marketplace/apps/nirvashare/nirvashare