Create a minimal Amazon IAM policy


You can configure an IAM policy through the AWS console. Use AWS IAM authentication to securely control access to Amazon S3 resources.
Users need the following minimum permissions to read data from an Amazon S3 bucket:
  • GetObject
  • ListBucket
Users need the following minimum permissions to write data to an Amazon S3 bucket:
  • PutObject
  • GetObject
  • DeleteObject
  • ListBucket
  • ListBucketMultipartUploads. Applicable only for mappings in advanced mode.
The following sample policy shows the minimal Amazon IAM policy to write data to an Amazon S3 bucket:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:PutObject",
        "s3:GetObject",
        "s3:DeleteObject",
        "s3:ListBucket",
        "s3:ListBucketMultipartUploads"
      ],
      "Resource": [
        "arn:aws:s3:::<bucket_name>/*",
        "arn:aws:s3:::<bucket_name>"
      ]
    }
  ]
}
For bucket level access in advanced mode, you need to provide the AllowListBucketMultipartUploads permission at the bucket level in addition to the ListBucketMultipartUploads permission.
The following sample policy shows the minimal Amazon IAM policy to access the S3 bucket at the bucket level in advanced mode:
{
  "Sid": "AllowListBucketMultipartUploads",
  "Action": [
    "s3:ListBucketMultipartUploads"
  ],
  "Effect": "Allow",
  "Resource": [
    "arn:aws:s3:::infa.qa.minimum.access.bucket"
  ]
}
For mappings in advanced mode, you can use different AWS accounts within the same AWS region. Make sure that the Amazon IAM policy grants access to the AWS accounts used in the mapping.
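The following Python check is an added example, not part of the original documentation. It compares a policy document against the minimum action lists above and verifies that bucket-level actions are paired with the bucket ARN and object-level actions with the `/*` object ARN. The function names, the `example-bucket` name and both sample policies are assumptions constructed for illustration.

```python
# Minimum action sets as listed on the page; the bucket/object split follows S3 resource types.
READ = {"s3:GetObject", "s3:ListBucket"}
WRITE = {"s3:PutObject", "s3:GetObject", "s3:DeleteObject", "s3:ListBucket"}
ADVANCED = {"s3:ListBucketMultipartUploads"}  # write side, advanced-mode mappings only
BUCKET_LEVEL = {"s3:ListBucket", "s3:ListBucketMultipartUploads"}

def as_list(value):
    """IAM allows Action/Resource/Statement as a single value or a list."""
    return value if isinstance(value, list) else [value]

def audit_policy(policy, bucket, mode="write", advanced=False):
    """Return sorted findings; [] means the policy matches the minimum.
    Only Allow statements are read; Deny, NotAction and Condition are not evaluated."""
    expected = set(READ) if mode == "read" else WRITE | (ADVANCED if advanced else set())
    bucket_arn = f"arn:aws:s3:::{bucket}"
    granted, findings = set(), set()
    for stmt in as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        actions = as_list(stmt.get("Action", []))
        resources = as_list(stmt.get("Resource", []))
        for res in resources:
            if res not in (bucket_arn, bucket_arn + "/*"):
                findings.add(f"resource outside bucket scope: {res}")
        for action in actions:
            if "*" in action:
                findings.add(f"wildcard action: {action}")
                continue
            if action not in expected:
                findings.add(f"action beyond minimum: {action}")
                continue
            # Bucket-level actions must target the bucket ARN, object actions the /* ARN.
            needed = bucket_arn if action in BUCKET_LEVEL else bucket_arn + "/*"
            if needed in resources:
                granted.add(action)
            else:
                findings.add(f"{action} not paired with {needed}")
    findings.update(f"missing action: {a}" for a in expected - granted)
    return sorted(findings)

# Constructed samples: the page's write policy with a placeholder bucket, and a broad policy.
PAGE_POLICY = {"Version": "2012-10-17", "Statement": [{"Effect": "Allow",
    "Action": ["s3:PutObject", "s3:GetObject", "s3:DeleteObject", "s3:ListBucket",
               "s3:ListBucketMultipartUploads"],
    "Resource": ["arn:aws:s3:::example-bucket/*", "arn:aws:s3:::example-bucket"]}]}
BROAD_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "s3:*", "Resource": "*"}]}

if __name__ == "__main__":
    for name, pol in (("page", PAGE_POLICY), ("broad", BROAD_POLICY)):
        print(name, audit_policy(pol, "example-bucket", advanced=True))
```

Run it against a policy exported from the AWS console before attaching the policy to the connection's IAM user; any finding means the policy grants more or less than the minimum listed above.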
