System design
Architecture you can trust
Built for enterprise-grade architecture with AWS IAM, short-lived credentials, and flexible deployment models.
Core Security Highlights
IAM-Native Permissions
Yarkon strictly enforces AWS IAM policies — no user gets more access than allowed.
Short-Lived Tokens
End users receive only temporary session credentials, protecting long-lived API keys.
Flexible Security Models
Shared, Federated, and Integrated models match any organizational need.
SSO / SAML2 Support
Easily integrate with your enterprise SSO (Yarkon Server).
Encryption & TLS
Industry-standard encryption at rest and in transit.
No Key Exposure
Your S3 keys are never exposed to clients or end users.
How it Works
Define policies
Admins configure access using standard AWS IAM roles and permissions.
Authenticate
Users authenticate via Yarkon, SSO, or identity provider.
Temp credentials
Yarkon generates short-lived credentials scoped to each user.
Enforce access
All S3 operations are strictly limited by IAM — nothing more.
Security Models
Simple setup for small teams using a shared IAM role
- All users share the same IAM role and permissions
- Easy to set up and manage for small teams
- Best for documentation and non-critical environments
Flexible per-user permissions fully integrated with AWS IAM
- Each user maps to their own IAM permissions
- Fine-grained control over user access
- Best for environments requiring strict access control
Cross-account access for complex enterprise environments
- Similar to integrated but with cross-account IAM and federated access
- Fine-grained control over user access
- Best for environments with buckets in multiple AWS accounts