private-object-access-control
CommunityEnforce private object access on S3-like storage.
Software Engineering#iam#s3#tenant isolation#presigned URL#api proxy#bucket policy#private access control
Authormarquesfelip
Version1.0.0
Installs0
System Documentation
What problem does it solve?
This skill provides a comprehensive framework to enforce private object access control on S3-compatible storage by standardizing bucket policies, IAM scopes, presigned access, and an API proxy pattern. It helps prevent accidental public exposure of objects and enables robust tenant isolation and auditable access.
Core Features & Use Cases
- Define access models for buckets and objects (presigned URLs, API proxy, direct IAM access) with policy guardrails.
- Enforce Block Public Access settings across providers and validate configurations to prevent accidental exposure.
- Implement application-layer authorization to ensure tenants can access only their own objects, with audit trails for sensitive data.
- Apply cross-tenant isolation checks, least-privilege IAM for applications, and ongoing compliance checks.
- Provide an end-to-end pattern including an API proxy for high-sensitivity files with server-side access logging and controlled streaming.
Quick Start
Configure a private-object access control workflow for your storage, block public access, and validate cross-tenant isolation.
Dependency Matrix
Required Modules
None requiredComponents
Standard package💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: private-object-access-control Download link: https://github.com/marquesfelip/agents-and-skills/archive/main.zip#private-object-access-control Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
Agent Skills Search Helper
Install a tiny helper to your Agent, search and equip skill from 471,000+ vetted skills library on demand.