AWS S3 security & sync

Two-part challenge with AWS S3 & odrive for an IAM user that is accessing the S3 bucket (full bucket permissions; verified access through console & CLI)

  1. Files added to the odrive folder on a local (Windows) system get pushed up to AWS; however, once files are deleted from the local folder, those changes never get propagated. Is there any way to fix this?

I checked CloudTrail logs and there is no delete API call to the bucket in response to file deletion.

  2. From a security point of view, someone might need to update the policy that states that you never store credentials or data. IAM account access and secret keys are, clearly, stored.

Hi @imnev,
The odrive client has an “odrive trash” feature that is a safeguard against unintended deletes. This is especially handy for utility/infrastructure storage like S3 that doesn’t have a default “trash” feature typically found in consumer storage services. You can find the odrive trash in the odrive tray menu. When you empty it, the deletes will be executed against your cloud storage. You can find out more about this here: https://docs.odrive.com/docs/sync-changes#empty-trash

For security, we generally refer to the credential storage in reference to OAuth logins. We only allow OAuth-capable sources to be used to log in to odrive and these services make up 98%+ of odrive links. For services like FTP and Amazon S3, where OAuth is not available, the information needs to be stored, as you stated. This thread goes into this a bit more: Odrive security (passwords, connection info, OAuth, etc)

If you can point me to the policy statements you are referring to, when you get a chance, I can see what we can do to add additional clarity.
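
An added example, not part of either post above: a way to confirm from CloudTrail log files whether delete calls reached the bucket after emptying the odrive trash, and whether they succeeded. S3 object-level calls such as `DeleteObject` are CloudTrail data events, which a trail records only when data-event logging is enabled for the bucket, so their absence from a default trail does not by itself show that no delete was sent. The bucket, user and key names below are constructed sample values.

```python
import json

# Constructed sample in the CloudTrail log-file layout ({"Records": [...]}).
# All bucket, user and key names are made up for illustration.
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2024-01-01T10:00:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "PutObject",
     "userIdentity": {"type": "IAMUser", "userName": "odrive-sync"},
     "requestParameters": {"bucketName": "example-bucket", "key": "docs/a.txt"}},
    {"eventTime": "2024-01-01T10:07:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "DeleteObject", "errorCode": "AccessDenied",
     "userIdentity": {"type": "IAMUser", "userName": "other-user"},
     "requestParameters": {"bucketName": "example-bucket", "key": "docs/b.txt"}},
    {"eventTime": "2024-01-01T10:05:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "DeleteObject",
     "userIdentity": {"type": "IAMUser", "userName": "odrive-sync"},
     "requestParameters": {"bucketName": "example-bucket", "key": "docs/a.txt"}},
    {"eventTime": "2024-01-01T10:06:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "DeleteObject",
     "userIdentity": {"type": "IAMUser", "userName": "odrive-sync"},
     "requestParameters": {"bucketName": "other-bucket", "key": "x.bin"}},
    {"eventTime": "2024-01-01T10:08:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "ListBuckets",
     "userIdentity": {"type": "IAMUser", "userName": "odrive-sync"},
     "requestParameters": None},
]})

DELETE_EVENTS = {"DeleteObject", "DeleteObjects"}

def find_deletes(log_text, bucket, user=None):
    """Return (time, event, user, key, errorCode) for S3 delete calls on `bucket`.

    errorCode is None when the call succeeded; key is None if the record
    carries no object key in requestParameters.
    """
    hits = []
    for rec in json.loads(log_text).get("Records", []):
        if rec.get("eventSource") != "s3.amazonaws.com":
            continue
        if rec.get("eventName") not in DELETE_EVENTS:
            continue
        params = rec.get("requestParameters") or {}
        if params.get("bucketName") != bucket:
            continue
        who = (rec.get("userIdentity") or {}).get("userName")
        if user is not None and who != user:
            continue
        hits.append((rec.get("eventTime"), rec["eventName"], who,
                     params.get("key"), rec.get("errorCode")))
    return sorted(hits, key=lambda h: h[0] or "")
```
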