question: what AWS IAM policies are required?
hamza opened this issue · 1 comments
hamza commented
Thanks for the package, works great!
I'm trying to figure out what permissions are required. Right now if I attach the S3 full access policy, everything works fine, but if I try to make a more restricted policy that only works on a particular bucket, I get a 403
error.
Any advice on this?
Here is my policy JSON (sensitive fields changed):
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "Stmt1494895366000",
"Effect": "Allow",
"Action": [
"s3:DeleteObject",
"s3:GetObject",
"s3:PutObject"
],
"Resource": [
"arn:aws:s3:::foobar-bucket"
]
}
]
}
wertlex commented
Not obvious, but this work for me:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "Stmt1494895366000",
"Effect": "Allow",
"Action": [
"s3:DeleteObject",
"s3:GetObject",
"s3:PutObject"
],
"Resource": [
"arn:aws:s3:::foobar-bucket",
"arn:aws:s3:::foobar-bucket/*"
]
}
]
}
Note how Resource
changed.