aws-maven
Required permissions are unclear.
Hello. I can't find any documentation describing the required permissions that I have to grant on my bucket. Going "s3:*" is not the best choice overall.
Second this - I have been trying to expose an S3 maven bucket in read-only mode via an IAM account using ListBucket and GetObject as described on the readme page, but found it was not working and I kept hitting AccessDenied errors.
After debugging the plugin I realised it was failing on line 86 of SimpleStorageServiceWagon, when making a call to getBucketLocation. When I added the s3:GetBucketLocation permission to the statement in the user's policy, sure enough it started working.
The minimal permissions that I needed to get this working were:
"s3:Get*",
"s3:List*",
"s3:PutObject",
"s3:PutObjectAcl",
"s3:DeleteObject"
Which is effectively the default S3 read-only policy plus PutObject, PutObjectAcl, and DeleteObject.
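An added example, not part of the thread or of the aws-maven project: it builds a policy that grants only the actions named above, scoped to one bucket, and checks an existing policy for the gaps that produce the AccessDenied described in the thread. Assumptions: the bucket name `my-maven-repo`, the function names and the sample policy are constructed, and the matcher is simplified (no Deny, NotAction or Condition handling).

```python
import fnmatch

# Actions named in the thread; the bucket/object split is standard S3 IAM scoping.
BUCKET_ACTIONS = ["s3:ListBucket", "s3:GetBucketLocation"]
READ_OBJECT_ACTIONS = ["s3:GetObject"]
WRITE_OBJECT_ACTIONS = ["s3:PutObject", "s3:PutObjectAcl", "s3:DeleteObject"]

def build_policy(bucket, read_only=False):
    """Build a policy limited to one bucket, with no s3:* or s3:Get* wildcards."""
    object_actions = READ_OBJECT_ACTIONS + ([] if read_only else WRITE_OBJECT_ACTIONS)
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow", "Action": BUCKET_ACTIONS,
             "Resource": f"arn:aws:s3:::{bucket}"},
            {"Effect": "Allow", "Action": object_actions,
             "Resource": f"arn:aws:s3:::{bucket}/*"},
        ],
    }

def _listify(value):
    return [value] if isinstance(value, (str, dict)) else list(value)

def missing_actions(policy, bucket, read_only=False):
    """Needed actions no Allow statement grants (ignores Deny, NotAction, Condition)."""
    object_actions = READ_OBJECT_ACTIONS + ([] if read_only else WRITE_OBJECT_ACTIONS)
    # "example/artifact.pom" is a constructed object key used only for matching.
    needed = [(a, f"arn:aws:s3:::{bucket}") for a in BUCKET_ACTIONS]
    needed += [(a, f"arn:aws:s3:::{bucket}/example/artifact.pom") for a in object_actions]
    missing = []
    for action, resource in needed:
        granted = any(
            st.get("Effect") == "Allow"
            and any(fnmatch.fnmatchcase(action.lower(), p.lower())
                    for p in _listify(st.get("Action", [])))
            and any(fnmatch.fnmatchcase(resource, r)
                    for r in _listify(st.get("Resource", [])))
            for st in _listify(policy["Statement"])
        )
        if not granted:
            missing.append(action)
    return missing

# Constructed sample: the read-only grant described in the thread (ListBucket + GetObject).
README_STYLE = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["s3:ListBucket"], "Resource": "arn:aws:s3:::my-maven-repo"},
    {"Effect": "Allow", "Action": ["s3:GetObject"], "Resource": "arn:aws:s3:::my-maven-repo/*"},
]}
```

Serialize the result of `build_policy` with `json.dumps` to attach it to the IAM user; pass `read_only=True` for accounts that only resolve artifacts.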