AWS S3 Target Permissions

Permissions required to add S3 as a target to TVK

To add AWS S3 (object storage) as a Target within TVK, users need specific access permissions on the bucket.

  • Implementation Steps

    1. Create the following policy in AWS

      • Note: replace bucketname with the name of the S3 bucket

      {
        "Version": "2012-10-17",
        "Statement": [
          {
            "Effect": "Allow",
            "Action": [
              "s3:ListBucket",
              "s3:PutObject",
              "s3:GetObject",
              "s3:DeleteObject"
            ],
            "Resource": [
              "arn:aws:s3:::bucketname",
              "arn:aws:s3:::bucketname/*"
            ]
          },
          {
            "Effect": "Deny",
            "NotAction": "s3:*",
            "NotResource": [
              "arn:aws:s3:::bucketname",
              "arn:aws:s3:::bucketname/*"
            ]
          }
        ]
      }
    2. Attach the policy to a user and collect the Access key ID and Secret access key, which the user has to provide while adding an AWS target.

    3. Optional: If a bucket policy has been attached to the bucket, then the bucket policy should be as follows:

      • Note: Alice is a user in root account 111122223333

      {
        "Version": "2012-10-17",
        "Statement": [
          {
            "Effect": "Allow",
            "Principal": {
              "AWS": [
                "arn:aws:iam::111122223333:user/Alice"
              ]
            },
            "Action": [
              "s3:ListBucket",
              "s3:PutObject",
              "s3:GetObject",
              "s3:DeleteObject"
            ],
            "Resource": [
              "arn:aws:s3:::my_bucket",
              "arn:aws:s3:::my_bucket/*"
            ]
          }
        ]
      }
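
A pre-flight check for the policies in steps 1 and 3, as an added example that is not part of TVK or AWS tooling: it renders the step 1 policy for a given bucket and reports when a policy document fails to parse, still carries the bucketname placeholder, or grants more or less than the four actions on the two bucket ARNs. The function names and the tvk-backups bucket name are assumptions made for the example.

```python
import json

# The four S3 actions the page grants to the TVK target user.
REQUIRED_ACTIONS = {"s3:ListBucket", "s3:PutObject", "s3:GetObject", "s3:DeleteObject"}


def build_target_policy(bucket):
    """Render the step 1 policy with the placeholder replaced by `bucket`."""
    arns = [f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"]
    return json.dumps({
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow", "Action": sorted(REQUIRED_ACTIONS), "Resource": arns},
            {"Effect": "Deny", "NotAction": "s3:*", "NotResource": arns},
        ],
    }, indent=2)


def _as_list(value):
    """IAM accepts a single string or a list for Action and Resource."""
    if value is None:
        return []
    return [value] if isinstance(value, str) else list(value)


def check_target_policy(policy_text, bucket):
    """Return findings; an empty list means the Allow grants match the page."""
    try:
        policy = json.loads(policy_text)
    except json.JSONDecodeError as exc:
        return [f"invalid JSON: {exc.msg} (line {exc.lineno})"]
    expected = {f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"}
    allowed, resources = set(), set()
    statements = policy.get("Statement", [])
    for stmt in [statements] if isinstance(statements, dict) else statements:
        if stmt.get("Effect") == "Allow":
            allowed |= set(_as_list(stmt.get("Action")))
            resources |= set(_as_list(stmt.get("Resource")))
    # Literal string comparison: a wildcard such as "s3:*" is reported as extra.
    findings = [f"extra action: {a}" for a in sorted(allowed - REQUIRED_ACTIONS)]
    findings += [f"missing action: {a}" for a in sorted(REQUIRED_ACTIONS - allowed)]
    findings += [f"missing resource: {r}" for r in sorted(expected - resources)]
    findings += [f"unexpected resource: {r}" for r in sorted(resources - expected)]
    return findings


if __name__ == "__main__":
    # Constructed bucket name; the second call leaves the placeholder in place.
    print(check_target_policy(build_target_policy("tvk-backups"), "tvk-backups"))
    print(check_target_policy(build_target_policy("bucketname"), "tvk-backups"))
```

The check ignores Principal, so the same function can be run over the bucket policy from step 3 before it is applied.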