Amazon S3 V2 Connector

Create a minimal Amazon IAM policy

You can configure an IAM policy through the AWS console. Use AWS IAM authentication to securely control access to Amazon S3 resources.
Use the following minimum required policies for users to successfully read data from an Amazon S3 bucket:
  • GetObject
  • ListBucket
Use the following minimum required policies for users to successfully write data to an Amazon S3 bucket:
  • PutObject
  • GetObject
  • DeleteObject
  • ListBucket
  • ListBucketMultipartUploads. Applicable only for mappings in advanced mode.
The following sample policy shows the minimal Amazon IAM policy to write data to an Amazon S3 bucket:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:PutObject",
        "s3:GetObject",
        "s3:DeleteObject",
        "s3:ListBucket",
        "s3:ListBucketMultipartUploads"
      ],
      "Resource": [
        "arn:aws:s3:::<bucket_name>/*",
        "arn:aws:s3:::<bucket_name>"
      ]
    }
  ]
}
For bucket level access in advanced mode, you need to provide the AllowListBucketMultipartUploads permission at the bucket level in addition to the ListBucketMultipartUploads permission.
The following sample policy shows the minimal Amazon IAM policy to access the S3 bucket at the bucket level in advanced mode:
{
  "Sid": "AllowListBucketMultipartUploads",
  "Action": [
    "s3:ListBucketMultipartUploads"
  ],
  "Effect": "Allow",
  "Resource": [
    "arn:aws:s3:::infa.qa.minimum.access.bucket"
  ]
},
For mappings in the advanced mode, you can use different AWS accounts within the same AWS region. Make sure that the Amazon IAM policy confirms access to the AWS accounts used in the mapping.
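To check that a policy you attach stays within the minimal permissions listed above, the following added example (not part of the connector documentation) audits a policy document against those action sets and flags wildcards, extra actions, resources outside the bucket, and bucket-level actions that are not granted on the bucket ARN. The function name `audit_policy`, the `mode` and `advanced` parameters, and the bucket name `example-bucket` are assumptions made for illustration.

```python
import json

# Minimal action sets as listed on this page.
READ = {"s3:GetObject", "s3:ListBucket"}
WRITE = {"s3:PutObject", "s3:GetObject", "s3:DeleteObject", "s3:ListBucket"}
ADVANCED = {"s3:ListBucketMultipartUploads"}
# These two actions are evaluated against the bucket ARN, the rest against object ARNs.
BUCKET_LEVEL = {"s3:ListBucket", "s3:ListBucketMultipartUploads"}


def _listify(value):
    """IAM accepts a single string or object wherever a list is allowed."""
    return list(value) if isinstance(value, list) else [value]


def audit_policy(policy, bucket, mode="write", advanced=False):
    """Return sorted findings; an empty list means the policy is exactly minimal."""
    required = set(WRITE if mode == "write" else READ) | (ADVANCED if advanced else set())
    bucket_arn = f"arn:aws:s3:::{bucket}"
    object_arn = bucket_arn + "/*"
    effective, findings = set(), set()
    for stmt in _listify(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt or "NotResource" in stmt:
            findings.add("NotAction/NotResource in an Allow statement: review manually")
            continue
        resources = _listify(stmt.get("Resource", []))
        for res in resources:
            if res not in (bucket_arn, object_arn):
                findings.add(f"resource outside target bucket: {res}")
        for action in _listify(stmt.get("Action", [])):
            if "*" in action or "?" in action:
                findings.add(f"wildcard action: {action}")
            elif action not in required:
                findings.add(f"action not in minimal set: {action}")
            elif (bucket_arn if action in BUCKET_LEVEL else object_arn) in resources:
                effective.add(action)
    for action in required - effective:
        findings.add(f"missing or mis-scoped action: {action}")
    return sorted(findings)


# Constructed sample: the page's write policy with a placeholder bucket name.
SAMPLE = json.loads("""{"Version": "2012-10-17", "Statement": [{"Effect": "Allow",
  "Action": ["s3:PutObject", "s3:GetObject", "s3:DeleteObject", "s3:ListBucket",
             "s3:ListBucketMultipartUploads"],
  "Resource": ["arn:aws:s3:::example-bucket/*", "arn:aws:s3:::example-bucket"]}]}""")
```

Action names are compared case-sensitively here, so normalize the casing of a policy exported from another tool before auditing it.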
