AWS S3 Target Permissions
Permissions required to add S3 as a target to T4K
To add AWS S3 (object storage) as a Target within T4K, users need specific access permissions on the bucket.
Implementation Step
Create the following Policy in AWS
Note: replace bucketname with name of the s3 bucket name
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:PutObject",
"s3:GetObject",
"s3:DeleteObject"
],
"Resource": [
"arn:aws:s3:::bucketname",
"arn:aws:s3:::bucketname/*"
]
},
{
"Effect": "Deny",
"NotAction": "s3:*",
"NotResource": [
"arn:aws:s3:::bucketname",
"arn:aws:s3:::bucketname/*"
]
}
]
}
Attach policy to a user and collect the Access key ID ,Secret access key which the user has to provide while adding an AWS target.
Optional: In case an AWS policy has been attached to a bucket then the bucket policy should be as follows:
Note: Alice is user in root account 111122223333
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": [
"arn:aws:iam::111122223333:user/Alice",
]
},
"Action": [
"s3:ListBucket",
"s3:PutObject",
"s3:GetObject",
"s3:DeleteObject"
],
"Resource": [
"arn:aws:s3:::my_bucket",
"arn:aws:s3:::my_bucket/*"
]
}
]
}
