maven-s3-wagon

Document which S3 permissions are required by the plugin

Open ksclarke opened this issue 11 years ago • 3 comments

I have an IAM user created for Maven to upload the site files into an S3 bucket. When I use a policy for an IAM user like:

{ "Statement": [ { "Sid": "Stmt1234567", "Action": ["s3:*" ], "Effect": "Allow", "Resource": "*" } ] }

The upload works. When I use:

{ "Statement": [ { "Sid": "Stmt13722196541", "Action": ["s3:*" ], "Effect": "Allow", "Resource": "arn:aws:s3:::bucket_name" } ] }

The upload fails. What are the permissions needed on the S3 side (user or bucket policy) to allow the plugin to only have access to one of the S3 buckets? I know it's probably because it needs to be able to list all the buckets to find the one it's using, but I've been unable to find the right combination of policies that will allow the plugin to run.

Could this be added to the wiki pages? Thanks.

ksclarke, Jun 26 '13 04:06

I think this is the basic user policy?

{ "Statement": [ { "Sid": "Stmt1372216541", "Action": [ "s3:PutObject", "s3:PutObjectAcl" ], "Effect": "Allow", "Resource": "arn:aws:s3:::bucket_name/*" }, { "Sid": "Stmt1372212814", "Action": [ "s3:ListBucket" ], "Effect": "Allow", "Resource": "arn:aws:s3:::bucket_name" } ] }

ksclarke, Jun 26 '13 05:06

The permission issue explained: http://www.anujgakhar.com/2011/11/09/giving-access-to-a-single-s3-bucket-using-amazon-iam/

prateekgupta, Dec 26 '14 07:12

+1 @ksclarke's policy works for me. It would be useful to include it in the documentation.

R-Gerard, Oct 17 '17 16:10
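
Why the bucket-ARN policy fails while the split policy works, shown as an added example (not code from this thread or from the maven-s3-wagon project): a simplified, Allow-only policy evaluator. It relies on the fact that object actions such as s3:PutObject are checked against the object ARN (bucket ARN plus `/key`), while s3:ListBucket is checked against the bucket ARN itself. The object key and the helper names are constructed for illustration.

```python
import re

def _match(pattern, value):
    """IAM-style wildcard match: '*' is any run of characters, '?' is exactly one."""
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                    for c in pattern)
    return re.fullmatch(regex, value, re.DOTALL) is not None

def _as_list(v):
    return v if isinstance(v, list) else [v]

def allowed(policy, action, resource):
    """True if any Allow statement matches both the action and the resource ARN.
    Simplified: ignores Deny, Condition, NotAction and NotResource."""
    for stmt in _as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        # Action names are compared case-insensitively, ARNs case-sensitively.
        if (any(_match(a.lower(), action.lower()) for a in _as_list(stmt["Action"]))
                and any(_match(r, resource) for r in _as_list(stmt["Resource"]))):
            return True
    return False

BUCKET = "arn:aws:s3:::bucket_name"
KEY_ARN = BUCKET + "/site/index.html"   # constructed sample object key

# Actions named in the thread's third policy, paired with the ARN each is checked against.
REQUESTS = [
    ("s3:ListBucket", BUCKET),      # bucket-level action
    ("s3:PutObject", KEY_ARN),      # object-level action
    ("s3:PutObjectAcl", KEY_ARN),   # object-level action
]

# Second policy in the thread: every S3 action, but only on the bucket ARN.
BUCKET_ONLY = {"Statement": [{"Effect": "Allow", "Action": ["s3:*"], "Resource": BUCKET}]}
# Third policy in the thread: object actions on bucket/*, ListBucket on the bucket.
SPLIT = {"Statement": [
    {"Effect": "Allow", "Action": ["s3:PutObject", "s3:PutObjectAcl"], "Resource": BUCKET + "/*"},
    {"Effect": "Allow", "Action": ["s3:ListBucket"], "Resource": BUCKET},
]}

def report(policy):
    """Map each request's action to whether the policy allows it."""
    return {action: allowed(policy, action, arn) for action, arn in REQUESTS}

if __name__ == "__main__":
    for name, policy in (("bucket-only s3:*", BUCKET_ONLY), ("split policy", SPLIT)):
        print(name, report(policy))
```

The split policy is also the narrower grant: it allows nothing outside `bucket_name` and no object action beyond the two it lists.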