
What most people don't realize is that the magic isn't in handling the system itself; the magic is making authorization appear to be zero-cost.

In distributed systems authorization is incredibly difficult. At the scale of AWS it might as well be magic. AWS has a rich permissions model with changes to authorization bubbling through the infrastructure at sub-millisecond speed - while handling probably trillions of requests.

This and logging/accounting for billing are the two magic pieces of AWS that I'd love to see an article about.

Note that S3 does AA differently than other services, because the permissions are on the resource. I suspect that's for speed?




Keep in mind that S3 predates IAM by several years. So part of the reason that access to buckets/keys is special is because it was already in place by the time IAM came around.

It's likely persisted since then largely since removing the old model would be a difficult task without potentially breaking a lot of customers' setups.


Exactly. This difference makes it easier to (1) understand how IAM works, and (2) how S3 works... because IAM and S3 work together, but in a different way than the other services.

I heard that AA is done via ASICs, but resource-level permissions implies that authorization is done at the local level for S3. To me that implies that the system extracts S3 permissions from IAM and sends them downstream to S3, which get merged with stuff that S3 manages.

I guess that occurs when permissions are saved up in IAM world. At some point those need to be joined against a principal somewhere, as roles can exist without assignment.

Again, it'd be so interesting to see how this is done IRL.


AWS re:Invent 2022 - A day in the life of a billion requests (SEC404) https://www.youtube.com/watch?v=tPr1AgGkvc4



