S3 permissions
- From: "Hrivnak, Michael" <mhrivnak hrivnak org>
- To: deja-dup-list gnome org
- Subject: S3 permissions
- Date: Tue, 25 Feb 2014 09:20:33 -0500
Hello,
I was very excited to see that S3 is supported as a target. However, I'm having trouble coming up with a reasonable set of permissions that allow it to work. I do not want to give deja dup unlimited "power user" access to my entire S3 account, but am happy to give it full access to one bucket.
My IAM policy is below. Deja dup is able to create the bucket, but it is not then able to upload any files. Each upload attempt is met with a "403". I'm not sure if the ListBuckets permission is actually helpful, but I thought it might prevent deja dup from trying to re-create an existing bucket (which was not the case). The real one obviously has the "<access-key-id>" populated.
Suggestions?
{
"Version": "2012-10-17",
"Statement": [
{
"Effect":"Allow",
"Action":[
"s3:CreateBucket"
],
"Resource":"arn:aws:s3:::*"
},
{
"Effect":"Allow",
"Action":[
"s3:ListAllMyBuckets"
],
"Resource":"arn:aws:s3:::*"
},
{
"Sid": "Stmt1393303683000",
"Effect": "Allow",
"Action": [
"s3:*"
],
"Resource": [
"arn:aws:s3:::deja-dup-auto-<access-key-id>/*"
]
}
]
}
[Date Prev][
Date Next] [Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]