s3-deploy icon indicating copy to clipboard operation
s3-deploy copied to clipboard

Published 20 hours ago verified publisher icon Reggionick

Policy example

Open slavafomin opened this issue 3 years ago • 1 comments

Hello!

Thank you for this great action!

However, it would be extremely helpful if someone would provide an IAM policy example with minimal required permissions for this action to work properly.

Thanks.

slavafomin avatar Nov 13 '21 18:11 slavafomin

I'm using this one:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:PutObject",
                "s3:PutObjectAcl",
                "s3:GetObject",
                "s3:GetObjectAcl",
                "s3:DeleteObject",
                "s3:ListMultipartUploadParts",
                "s3:AbortMultipartUpload",
                "s3:ListBucket"
            ],
            "Resource": [
                "arn:aws:s3:::bucket-name/*"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:ListBucket"
            ],
            "Resource": [
                "arn:aws:s3:::bucket-name"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "cloudfront:CreateInvalidation",
                "cloudfront:GetInvalidation",
                "cloudfront:ListInvalidations"
            ],
            "Resource": [
                "arn:aws:cloudfront::dist-arn"
            ]
        }
    ]
}

scofield-ua avatar Nov 21 '21 12:11 scofield-ua

Would love to see a minimum required IAM policy as a part of the Documentation \ Readme. For sure, creating a role with S3FullAccess works just fine, but it is probably not the best practice.

PeterGreshnov avatar Mar 12 '23 12:03 PeterGreshnov

This is available now: https://github.com/Reggionick/s3-deploy/blob/master/README.md#minimum-iam-policy

coliff avatar Mar 01 '24 04:03 coliff