What AWS architecture would you recommend?
Ask their customers to use an S3 client instead of an FTP client. Create a single S3 bucket. Create an IAM user for each customer. Put the IAM users in a group that has an IAM policy that permits access to subdirectories within the bucket via use of the ‘username’ policy variable.
Create a single S3 bucket with Reduced Redundancy Storage turned on and ask their customers to use an S3 client instead of an FTP client. Create a bucket for each customer with a bucket policy that permits access only to that one customer.
Create an auto-scaling group of FTP servers with a scaling policy to automatically scale in when minimum network traffic on the auto-scaling group is below a given threshold. Load a central list of FTP users from S3 as part of the user data startup script on each instance.
Create a single S3 bucket with Requester Pays turned on and ask their customers to use an S3 client instead of an FTP client. Create a bucket for each customer with a bucket policy that permits access only to that one customer.
Explanations:
Using a single S3 bucket with IAM users for each customer allows for granular access control through policies that can restrict users to specific subdirectories, ensuring customer privacy. It leverages S3’s scalability and cost-effectiveness while eliminating the need for managing FTP servers.
Creating a separate S3 bucket for each customer complicates management and could increase costs. Additionally, Reduced Redundancy Storage is not necessary for this use case, as it does not provide the same level of durability and availability as standard S3 storage.
Using an auto-scaling group of FTP servers does not utilize S3’s advantages and requires ongoing management of servers, which can lead to higher costs and complexity. Additionally, FTP is less secure than S3, compromising customer privacy.
While using Requester Pays can help manage costs, it does not simplify management and could create confusion for customers. The approach of creating separate buckets for each customer is also not efficient and complicates access management.
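The group policy that the first option relies on, written out as an added example that is not part of the original question. The bucket name and the users `alice` and `bob` are constructed placeholders, and `object_allowed` is a simplified local model of how the variable is expanded and matched, not AWS's policy evaluator.

```python
import fnmatch
import json

BUCKET = "example-customer-uploads"  # assumed placeholder, not from the page


def build_group_policy(bucket):
    """IAM group policy confining each user to the prefix named after them."""
    return {
        # Policy variables are only expanded with this policy language version.
        "Version": "2012-10-17",
        "Statement": [
            {  # List only keys under the caller's own prefix.
                "Sid": "ListOwnPrefix",
                "Effect": "Allow",
                "Action": ["s3:ListBucket"],
                "Resource": [f"arn:aws:s3:::{bucket}"],
                "Condition": {"StringLike": {"s3:prefix": ["${aws:username}/*"]}},
            },
            {  # Read, write and delete only objects under that prefix.
                "Sid": "ReadWriteOwnPrefix",
                "Effect": "Allow",
                "Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"],
                "Resource": [f"arn:aws:s3:::{bucket}/${{aws:username}}/*"],
            },
        ],
    }


def object_allowed(policy, username, action, key, bucket=BUCKET):
    """Simplified local model of IAM matching for object actions only
    (not AWS's evaluator): expand the variable, glob-match the ARN,
    and deny when no Allow statement matches."""
    arn = f"arn:aws:s3:::{bucket}/{key}"
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Allow" or action not in stmt["Action"]:
            continue
        for pattern in stmt["Resource"]:
            expanded = pattern.replace("${aws:username}", username)
            if fnmatch.fnmatchcase(arn, expanded):
                return True
    return False


if __name__ == "__main__":
    policy = build_group_policy(BUCKET)
    print(json.dumps(policy, indent=2))
    for user, key in [("alice", "alice/q1.csv"), ("alice", "bob/q1.csv")]:
        print(user, key, object_allowed(policy, user, "s3:GetObject", key))
```

Because the prefix pattern ends in `/`, a user named `alice` does not gain access to a sibling prefix such as `alice-old/`.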