Search…
AWS S3 Target Permissions
Permissions required to add S3 as a target to TVK
To add AWS S3 (object storage) as a Target within TVK, users need specific access permissions on the bucket.
    Implementation Step
      1.
      Create the following Policy in AWS
        Note: replace bucketname with name of the s3 bucket name
      1
      {
      2
      "Version": "2012-10-17",
      3
      "Statement": [
      4
      {
      5
      "Effect": "Allow",
      6
      "Action": [
      7
      "s3:ListBucket",
      8
      "s3:PutObject",
      9
      "s3:GetObject",
      10
      "s3:DeleteObject"
      11
      ],
      12
      "Resource": [
      13
      "arn:aws:s3:::bucketname",
      14
      "arn:aws:s3:::bucketname/*"
      15
      ]
      16
      },
      17
      {
      18
      "Effect": "Deny",
      19
      "NotAction": "s3:*",
      20
      "NotResource": [
      21
      "arn:aws:s3:::bucketname",
      22
      "arn:aws:s3:::bucketname/*"
      23
      ]
      24
      }
      25
      ]
      26
      }
      Copied!
      2.
      Attach policy to a user and collect the Access key ID ,Secret access key which the user has to provide while adding an AWS target.
      3.
      Optional: In case an AWS policy has been attached to a bucket then the bucket policy should be as follows:
        Note: Alice is user in root account 111122223333
      1
      {
      2
      "Version": "2012-10-17",
      3
      "Statement": [
      4
      {
      5
      "Effect": "Allow",
      6
      "Principal": {
      7
      "AWS": [
      8
      "arn:aws:iam::111122223333:user/Alice",
      9
      ]
      10
      },
      11
      "Action": [
      12
      "s3:ListBucket",
      13
      "s3:PutObject",
      14
      "s3:GetObject",
      15
      "s3:DeleteObject"
      16
      ],
      17
      "Resource": [
      18
      "arn:aws:s3:::my_bucket",
      19
      "arn:aws:s3:::my_bucket/*"
      20
      ]
      21
      }
      22
      ]
      23
      }
      Copied!
Last modified 5mo ago
Copy link