ObjectScale manages users through IAM, which enables secure access control to S3 resources. This functionality ensures that each access request to a resource is identified, authenticated, and authorized. With IAM, customers can add users, roles, and groups, and grant or restrict access by attaching policies to these IAM entities.
We recommend the following guidelines for user accounts:
- Lock the root access keys and do not use the root user for day-to-day tasks. Instead, use the root user credentials only to create an IAM admin user. Lock the root user credentials and use them to perform only certain account-management and service-management tasks.
- Do not share IAM credentials between users. Preferably, applications should use temporary credentials, obtained by using an IAM role for access.
- Change access keys regularly to avoid misuse of compromised credentials.
- Delete IAM user credentials that are no longer required.
- When creating IAM policies, follow the standard security advice of granting least privilege: grant only the permissions that are required to perform a task.
- Do not define permissions for individual IAM users who perform similar job functions. Create groups, define the permissions for each group, and assign IAM users to groups.
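
The key-rotation, least-privilege, and group guidelines above can be checked mechanically. The following is an added example, not ObjectScale or Dell code: it assumes policies use the AWS-style JSON policy grammar, and the inventory record fields (`name`, `access_keys`, `user_policies`) and the 90-day rotation window are hypothetical choices made for illustration.

```python
from datetime import datetime, timezone

MAX_KEY_AGE_DAYS = 90  # assumed rotation window; the guidelines give no number

def _as_list(value):
    # Policy fields may be a single string/object or a list of them.
    return value if isinstance(value, list) else [value]

def broad_statements(policy):
    """Return (Sid, reason) for Allow statements wider than least privilege."""
    findings = []
    for i, st in enumerate(_as_list(policy.get("Statement", []))):
        if st.get("Effect") != "Allow":
            continue
        sid = st.get("Sid", f"statement[{i}]")
        if "NotAction" in st:  # allows everything except the listed actions
            findings.append((sid, "Allow with NotAction"))
        for action in _as_list(st.get("Action", [])):
            if action == "*" or action.endswith(":*"):
                findings.append((sid, f"wildcard action {action}"))
        if "*" in _as_list(st.get("Resource", [])):
            findings.append((sid, "Resource is *"))
    return findings

def audit_user(user, now):
    """Check one user record against the account guidelines."""
    out = []
    for key in user.get("access_keys", []):
        age = (now - datetime.fromisoformat(key["created"])).days
        if age > MAX_KEY_AGE_DAYS:
            out.append(f"{user['name']}: key {key['id']} is {age} days old")
    for policy in user.get("user_policies", []):
        out.append(f"{user['name']}: policy attached to user, not a group")
        out += [f"{user['name']}: {sid}: {why}"
                for sid, why in broad_statements(policy)]
    return out

# Constructed sample data (not output from an ObjectScale system).
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": {"Sid": "All", "Effect": "Allow",
                  "Action": "s3:*", "Resource": "*"},
}
SAMPLE_USER = {
    "name": "app-user",
    "access_keys": [{"id": "EXAMPLEKEY1",
                     "created": "2024-01-01T00:00:00+00:00"}],
    "user_policies": [SAMPLE_POLICY],
}
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)

if __name__ == "__main__":
    print("\n".join(audit_user(SAMPLE_USER, NOW)))
```
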