Skip to content

Added expectedBucketOwner #196

Open
vaibhavm99 wants to merge 1 commit intoaws:developfrom
vaibhavm99:add-expected-bucket-owner-validation
Open

Added expectedBucketOwner #196
vaibhavm99 wants to merge 1 commit intoaws:developfrom
vaibhavm99:add-expected-bucket-owner-validation

Conversation

@vaibhavm99
Copy link

Add S3 Bucket Owner Verification Support

This PR adds optional S3 bucket owner verification to neptune-export, enhancing security by allowing clients to verify that S3 buckets are owned by expected AWS accounts.

Changes

New Parameter: expectedBucketOwner

  • Added as an optional parameter across all S3 operations (GET, PUT, LIST)
  • Can be provided via environment variable EXPECTED_BUCKET_OWNER or JSON field expectedBucketOwner
  • When not provided, automatically defaults to the account ID from the credential provider
  • Applies to all S3 interactions: exports, config files, completion files, and Neptune ML training configs

Security Benefits

This feature helps prevent unauthorized access to S3 buckets by verifying bucket ownership before performing operations, adding an extra layer of security for cross-account scenarios.

…S3 requests, if they don't pass in the value, use credential provider for default accountID.
@vaibhavm99 vaibhavm99 force-pushed the add-expected-bucket-owner-validation branch from 97b953a to 8e3260c Compare February 26, 2026 02:24
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants