Supercharged Access Controls for AWS S3

Gain insights, set data limits, and create usage-based billing policies to monitor, manage, and monetize access to your private S3 buckets.

Features

An augmented feature set for AWS S3

AWS S3 offers best-in-class storage for files within the cloud. However, when it comes to sharing large volumes of data, S3's feature set falls a bit short. This is where Till comes in...
Detailed usage analytics
Usage analytics enable quick insights into user activity and dataset popularity, removing the need to manually parse S3 access logs.
Simple data limits
Grant access keys with rolling or absolute data limits, disabling data access when limits are reached.
Automated billing
Recoup the costs of producing, storing, and distributing datasets with automated usage-based billing.
Usage

Native S3 interface

Using Till, bucket owners create custom access keys and grant these keys permissions to access to their buckets. End users use these credentials to connect to S3 buckets via Till's globally-distributed S3-compatible API, easily integrating Till into their existing data-heavy workflows.

Examples of accessing data

export AWS_ACCESS_KEY_ID=TILLABCDEF1234
export AWS_ACCESS_KEY_SECRET=3X4MPL3S3CR3T
aws s3 cp s3://my-bucket/path/to/my_file.txt path/to/local/file.txt --endpoint-url 'https://s3.till.sh'
import boto3
# Create an S3 client with custom endpoint URL, region, access key ID, and secret access key
s3 = boto3.client(
"s3",
endpoint_url="https://s3.till.sh",
region_name="us-east-1",
aws_access_key_id="TILLABCDEF1234",
aws_secret_access_key="3X4MPL3S3CR3T",
)
# Set the bucket and key (file name) that you want to download
bucket = "my-bucket"
key = "path/to/my_file.txt"
# Download the file
s3.download_file(bucket, key, "path/to/local/file.txt")
import * as AWS from 'aws-sdk';
// Create an S3 client with custom endpoint URL, region, access key ID, and secret access key
const s3 = new AWS.S3({
endpoint: 'https://s3.till.sh',
region: 'us-east-1',
accessKeyId: 'TILLABCDEF1234',
secretAccessKey: '3X4MPL3S3CR3T',
});
// Set the parameters for the S3.getObject method
const params = {
Bucket: 'my-bucket',
Key: 'path/to/my_file.txt'
};
// Call the S3.getObject method to retrieve the file
s3.getObject(params, function(err, data) {
if (err) {
console.log(err);
} else {
console.log(data.Body.toString('utf-8'));
}
});
package main
import (
"fmt"
"io/ioutil"
"os"
"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/aws/credentials"
"github.com/aws/aws-sdk-go/aws/session"
"github.com/aws/aws-sdk-go/service/s3"
)
func main() {
accessKeyID := "TILLABCDEF1234"
secretAccessKey := "3X4MPL3S3CR3T"
region := "us-east-1"
endpoint := "https://s3.till.sh"
bucket := "my-bucket"
key := "path/to/my_file.txt"
filename := "path/to/local/file.txt"
// Create a new AWS session
sess, err := session.NewSession(&aws.Config{
Region: aws.String(region),
Endpoint: aws.String(endpoint),
Credentials: credentials.NewStaticCredentials(accessKeyID, secretAccessKey, ""),
})
if err != nil {
fmt.Println("Error creating session:", err)
return
}
// Create a new S3 client
svc := s3.New(sess)
// Read the object
result, err := svc.GetObject(&s3.GetObjectInput{
Bucket: aws.String(bucket),
Key: aws.String(key),
})
if err != nil {
fmt.Println("Error reading object:", err)
return
}
// Read the contents of the object
contents, err := ioutil.ReadAll(result.Body)
if err != nil {
fmt.Println("Error reading object contents:", err)
return
}
// Write the contents to a local file
err = ioutil.WriteFile(filename, contents, 0644)
if err != nil {
fmt.Println("Error writing to file:", err)
return
}
}
Pricing

Basic

Free

  • Usage Analytics
  • 5 Access Keys
  • 30 day log retention

Pro

Private Beta

  • Usage Analytics
  • Unlimited Keys
  • Unlimited Log Retention
  • Custom Data Limits
  • Automated Key Expiry
  • Billing Integration

Enterprise

Contact Us

  • ... all features of Pro
  • Custom S3 Endpoint URL
  • Custom Access Key ID Prefix
  • Self-Hosted S3 API (optional)
FAQ
How does Till access my private S3 buckets?
Till will assume an IAM Role that you create within your AWS Account. With this IAM Role, we are able to make requests to your private AWS buckets on your users' behalf.
Who pays for the data transfer costs charged by AWS?
The owner of the IAM Role provided to Till is responsible for covering the egress charges associated with data transfer from S3.
From what region does Till access data within my S3 buckets?
Till's S3 API is globally distributed and will access your S3 resources from a server most nearest to your user.
What metrics do you collect about my users activities or my data?
Till does not access your data for any reason other than fulfilling data requests made by your users or verifying that your specified IAM Roles are able to access data within your specified buckets.
Does Till sell the data that it collects?
No. Till does not sell or otherwise monetize any of the data/metadata collected regarding your users' activities.
How can I monitor Till's activity within my AWS account?
When Till assumes the IAM Role you provide, it does so with a SessionName matching to the ID of the Till-provided Access Key that your user is making use of to access your data. This allows you to search for all Till activity via AWS CloudTrail.
Will Till ever support <insert your great idea>?
Till is under active development and is continually building out its roadmap. If you have ideas of how Till can better help you solve problems, we'd love to hear from you at [email protected].