S3 Plugin Implementation Architecture

This page describes the high-level architecture of the Ranger S3 plugin.

Component Details

Ranger Admin Server

Policy Management UI / REST API

  • S3 Service Definition: Defines S3 as a manageable service type in Ranger

  • S3 Policy Editor:

    • Allows creation of bucket-level and object-level policies
    • Supports resource patterns: bucket1/, bucket1/*, bucket1/prefix/*
    • Supports S3-specific actions
  • AWS Credentials Configuration: Admin user configures AWS access credentials for IAM policy injection

The user is required to create separate policies for buckets and objects with respective permissions.
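
The separation of bucket and object policies lines up with how IAM evaluates S3 actions: bucket-level actions are checked against the bucket ARN, object-level actions against object ARNs. The following added example (not the plugin's own code) sketches that translation; the function names, the action split, the reading of `bucket1/` as the bucket itself, and the rejection of wildcard bucket names are assumptions made for illustration.

```python
import json

# Assumed split of S3 actions by the resource type IAM evaluates them against.
BUCKET_ACTIONS = {"s3:ListBucket", "s3:GetBucketLocation"}
OBJECT_ACTIONS = {"s3:GetObject", "s3:PutObject", "s3:DeleteObject"}


def resource_to_arn(pattern):
    """Classify a resource pattern and return (level, ARN).

    Assumption: 'bucket1/' names the bucket itself; anything after the
    first '/' is an object key pattern. Wildcard bucket names are refused
    here so that a single policy cannot span every bucket.
    """
    bucket, sep, key = pattern.partition("/")
    if not bucket or not sep or "*" in bucket:
        raise ValueError(f"unsupported resource pattern: {pattern!r}")
    if key == "":
        return "bucket", f"arn:aws:s3:::{bucket}"
    return "object", f"arn:aws:s3:::{bucket}/{key}"


def to_iam_statement(pattern, actions):
    """Build one Allow statement, rejecting actions of the wrong level."""
    level, arn = resource_to_arn(pattern)
    allowed = BUCKET_ACTIONS if level == "bucket" else OBJECT_ACTIONS
    wrong = sorted(set(actions) - allowed)
    if wrong:
        raise ValueError(f"{wrong} cannot be granted on {level} resource {pattern!r}")
    return {"Effect": "Allow", "Action": sorted(actions), "Resource": arn}


def build_user_policy(policies):
    """Combine (pattern, actions) pairs into one IAM policy document."""
    return {
        "Version": "2012-10-17",
        "Statement": [to_iam_statement(p, a) for p, a in policies],
    }


if __name__ == "__main__":
    # Constructed sample: one bucket policy and one object policy for a user.
    sample = [
        ("bucket1/", ["s3:ListBucket"]),
        ("bucket1/prefix/*", ["s3:PutObject", "s3:GetObject"]),
    ]
    print(json.dumps(build_user_policy(sample), indent=2))
```

A policy that mixes levels, such as `s3:GetObject` on `bucket1/`, is rejected before any IAM document is produced, which is the failure the two-policy requirement avoids.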

User Management

  • Ranger UserSync: Automatically synchronizes users from AD/LDAP into Ranger

    • Assumes these users also exist in AWS IAM with matching usernames
    • Maintains user identity consistency across Ranger and AWS
  • Manual User Addition: Admin can manually add IAM usernames to Ranger users

    • Used when AD/LDAP sync is not available
    • Required when IAM usernames differ from AD/LDAP usernames