AWS S3 Permissions

When connecting Publisher to AWS S3, proper permissions configuration ensures secure and controlled access to your data. These permissions define how Publisher interacts with your S3 buckets, determining which operations can be performed and what security measures are in place.

The following guide outlines the key concepts and minimal configuration needed to establish a secure connection between Publisher and your AWS S3 resources.

Concepts

  1. IAM User: This is an identity created for an individual user who needs access to AWS services. Each IAM user has a unique name and can have one or more access keys.

  2. IAM Role: This is an identity that can be assumed by anyone who needs temporary access to AWS resources. Roles are used to delegate access to users, applications, or services that don't usually have access to your AWS resources.

  3. S3 Bucket: This is a container for storing objects in Amazon S3. Each bucket has a unique name and can store an unlimited number of objects.

  4. Permission: These are granular actions a user or role can perform on a given resource. Examples include s3:ListBucket, s3:GetObject, etc.

  5. Policy: A collection of permissions that define what actions are allowed or denied for a user, group, or role. Policies are written in JSON and can be attached to IAM users, groups, or roles.

Minimal Configuration

To perform these operations, you must be logged in to your AWS account as an administrator.

This setup represents the minimal permissions needed to connect Publisher to an AWS S3 Storage bucket.

Creating Credentials

Create a new IAM User

aws iam create-user --user-name publisher-connectors

Attach a Policy to the IAM User

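# BUCKET must be set in your shell to the name of the target bucket before running this.
# The '"${BUCKET}"' quoting closes the single-quoted JSON so the shell expands the variable.
aws iam put-user-policy --user-name publisher-connectors --policy-name S3AccessPolicy --policy-document '{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:ListBucket",
                "s3:GetObject"
            ],
            "Resource": [
                "arn:aws:s3:::'"${BUCKET}"'",
                "arn:aws:s3:::'"${BUCKET}"'/*"
            ]
        }
    ]
}'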

Create Access Keys for the IAM User

aws iam create-access-key --user-name publisher-connectors
