
Minimum permission policy for AWS S3

Open mig4ng opened this issue 1 year ago • 5 comments

Following this tutorial/docs: https://cube.dev/docs/product/deployment#storage

What is the minimum permission policy required for this to work?

mig4ng avatar Apr 18 '24 13:04 mig4ng

Hi @mig4ng 👋 Are you asking about the Amazon S3 permissions? Cube Store would be storing files on S3, so it should have read and write access to S3.

igorlukanin avatar Apr 18 '24 16:04 igorlukanin

Hi @mig4ng 👋 Are you asking about the Amazon S3 permissions? Cube Store would be storing files on S3, so it should have read and write access to S3.

Yes @igorlukanin, the precise requirements. Because I created a policy that adds read and write permission to a specific bucket and I get an access error in the cube-router. I might be missing some permissions.

Does it need permission to list all buckets in order to work?

carneiroskeeled avatar Apr 18 '24 17:04 carneiroskeeled

Hi @paveltiunov @ovr maybe one of you might be able to answer me this 😄

carneiroskeeled avatar May 16 '24 10:05 carneiroskeeled

It's better to use a separate bucket and allow all operations (something s3:*) for bucket and bucket/*.

ovr avatar May 16 '24 10:05 ovr
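
Added example (not from the thread or the Cube project): the policy shape suggested in the comment above, written out and checked with a simplified matcher against constructed requests. The bucket name `example-cubestore-bucket` and all helper names are assumptions; the check shows which request kinds a bucket-scoped statement covers, including that an account-level call such as `s3:ListAllMyBuckets` (evaluated against resource `*`) is not one of them.

```python
import json
from fnmatch import fnmatchcase

BUCKET = "example-cubestore-bucket"  # constructed placeholder, not from the thread


def bucket_scoped_policy(bucket):
    """s3:* on the bucket ARN and on bucket/*, as the comment above suggests."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Action": "s3:*",
            "Resource": [f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"],
        }],
    }


def _as_list(value):
    return value if isinstance(value, list) else [value]


def is_allowed(policy, action, resource):
    """Simplified check: Allow statements only; Deny, Condition, NotAction
    and NotResource are not modelled."""
    for stmt in _as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        # IAM action names are case-insensitive; resource ARNs are not.
        action_ok = any(fnmatchcase(action.lower(), a.lower())
                        for a in _as_list(stmt["Action"]))
        resource_ok = any(fnmatchcase(resource, r)
                          for r in _as_list(stmt["Resource"]))
        if action_ok and resource_ok:
            return True
    return False


def coverage(policy, bucket):
    """Evaluate constructed sample requests: (action, resource) -> allowed."""
    requests = [
        ("s3:ListBucket", f"arn:aws:s3:::{bucket}"),          # bucket-level
        ("s3:GetObject", f"arn:aws:s3:::{bucket}/data/a"),    # object-level
        ("s3:PutObject", f"arn:aws:s3:::{bucket}/data/a"),
        ("s3:ListAllMyBuckets", "*"),                         # account-level
        ("s3:GetObject", "arn:aws:s3:::other-bucket/data/a"), # different bucket
    ]
    return {req: is_allowed(policy, *req) for req in requests}


if __name__ == "__main__":
    print(json.dumps(bucket_scoped_policy(BUCKET), indent=2))
    for (action, resource), ok in coverage(bucket_scoped_policy(BUCKET), BUCKET).items():
        print(f"{'ALLOW' if ok else 'no match':8} {action:22} {resource}")
```
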

@ovr I did that, but it is breaking. It is only working when the API key has permission over all s3 buckets. That's why I find it strange.

carneiroskeeled avatar May 16 '24 13:05 carneiroskeeled