

Show HN - Bucketio uses your own S3 Account for requesting and sharing files - mazondo
https://www.bucketio.com/

======
xauronx
I feel pretty hesitant giving full access of my Amazon Account to this website
I just heard of today. I love the concept but I'm too uninformed of the
potential risks to actually go through with pasting my credentials in there.

Anyone care to alleviate my ignorance?

~~~
mazondo
It was an issue we discussed quite a bit when working on Bucketio. If you're
S3 savvy, we recommend that you create a limited user and give it access to
JUST the bucket you want us using. If you're not, then you can provide your
Master keys and the system does the setup for you. We create a limited user
with access to a single bucket we create, set the CORS needed for uploading,
then we forget your master keys and connect using the new user ONLY.

~~~
xauronx
Do you have any interest in providing a guide for your users to do that
themselves? Obviously they'd have to trust you to some degree to follow your
guide and assume you're not tricking them. I'm generally not a very paranoid
person, but in this case I have a couple EC2 servers running for clients that
would be a bitch to fix if someone messed with them.

~~~
mazondo
Great idea. I'll take some screenshots and make a guide.

~~~
xauronx
That would be awesome. I fooled around with it and failed. I created a user
with S3 full access (I have nothing else using S3) and it complains that
access is denied.

~~~
mazondo
Here you go! Please let me know if you encounter any issues or if anything is
unclear. Any and all feedback is absolutely appreciated!

[https://bucketio.desk.com/customer/portal/articles/1033741-m...](https://bucketio.desk.com/customer/portal/articles/1033741-manual-
setup)

------
lttlrck
I'm going to need far more details before I sign up and give away any S3
access thanks very much.

~~~
mazondo
Sure, we understand, it's part of what we're trying to get figured out at this
early stage. Can you let us know what you'd be interested in knowing and we'll
work to provide more info?

