nitaigao/gulp-s3

question: what AWS IAM policies are required?

hamza opened this issue · 1 comments

hamza commented

Thanks for the package, works great!

I'm trying to figure out what permissions are required. Right now if I attach the S3 full access policy, everything works fine, but if I try to make a more restricted policy that only works on a particular bucket, I get a 403 error.

Any advice on this?

Here is my policy JSON (sensitive fields changed):

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Stmt1494895366000",
      "Effect": "Allow",
      "Action": [
        "s3:DeleteObject",
        "s3:GetObject",
        "s3:PutObject"
      ],
      "Resource": [
        "arn:aws:s3:::foobar-bucket"
      ]
    }
  ]
}

Not obvious, but this works for me:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Stmt1494895366000",
      "Effect": "Allow",
      "Action": [
        "s3:DeleteObject",
        "s3:GetObject",
        "s3:PutObject"
      ],
      "Resource": [
        "arn:aws:s3:::foobar-bucket",
        "arn:aws:s3:::foobar-bucket/*"
      ]
    }
  ]
}

Note how Resource changed.
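The 403 follows from how S3 resources are typed: `s3:GetObject`, `s3:PutObject` and `s3:DeleteObject` act on objects, whose ARNs have the form `arn:aws:s3:::bucket/key`, so a statement that lists only the bucket ARN matches none of them. The sketch below is an added example, not code from this thread or from gulp-s3. It lints a policy for that mismatch and also flags a bucket ARN that none of the statement's actions apply to. The function names, finding codes and the short action lists are assumptions made for the illustration.

```javascript
// Added example. The action sets are a partial list chosen for illustration.
const OBJECT_ACTIONS = new Set(['s3:GetObject', 's3:PutObject', 's3:DeleteObject']);
const BUCKET_ACTIONS = new Set(['s3:ListBucket', 's3:GetBucketLocation']);
const toArray = (v) => (v === undefined ? [] : Array.isArray(v) ? v : [v]);

// Bucket ARN: arn:aws:s3:::name    Object ARN: arn:aws:s3:::name/key
function resourceKind(arn) {
  if (arn === '*') return 'both';
  const m = /^arn:aws:s3:::([^/]+)(\/.*)?$/.exec(arn);
  if (!m) return 'other';
  if (m[2]) return 'object';
  return m[1].includes('*') ? 'both' : 'bucket'; // a wildcard can also span "/"
}

function lintS3Policy(policy) {
  const findings = [];
  for (const stmt of toArray(policy.Statement)) {
    if (stmt.Effect !== 'Allow') continue;
    const actions = toArray(stmt.Action);
    const kinds = toArray(stmt.Resource).map(resourceKind);
    const covers = (k) => kinds.includes(k) || kinds.includes('both');
    const objActs = actions.filter((a) => OBJECT_ACTIONS.has(a));
    const bktActs = actions.filter((a) => BUCKET_ACTIONS.has(a));
    // Object-level actions with no object ARN: every request is denied (403).
    if (objActs.length && !covers('object'))
      findings.push({ sid: stmt.Sid, code: 'OBJECT_ACTION_NO_OBJECT_ARN', actions: objActs });
    if (bktActs.length && !covers('bucket'))
      findings.push({ sid: stmt.Sid, code: 'BUCKET_ACTION_NO_BUCKET_ARN', actions: bktActs });
    // Only reported when every action is a known object action, to avoid guessing.
    if (kinds.includes('bucket') && actions.length && actions.every((a) => OBJECT_ACTIONS.has(a)))
      findings.push({ sid: stmt.Sid, code: 'BUCKET_ARN_UNUSED', actions: [] });
  }
  return findings;
}

// The two policies from the thread, plus an object-only variant (constructed).
const makePolicy = (resources) => ({
  Version: '2012-10-17',
  Statement: [{ Sid: 'Stmt1494895366000', Effect: 'Allow',
    Action: ['s3:DeleteObject', 's3:GetObject', 's3:PutObject'], Resource: resources }],
});
const original = makePolicy(['arn:aws:s3:::foobar-bucket']);
const working = makePolicy(['arn:aws:s3:::foobar-bucket', 'arn:aws:s3:::foobar-bucket/*']);
const objectOnly = makePolicy(['arn:aws:s3:::foobar-bucket/*']);

for (const [name, p] of Object.entries({ original, working, objectOnly }))
  console.log(name, lintS3Policy(p).map((f) => f.code));
```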