AWS S3 Permissions

Concepts

IAM User: This is an identity created for an individual user who needs access to AWS services. Each IAM user has a unique name and can have one or more access keys.
IAM Role: This is an identity that can be assumed by anyone who needs temporary access to AWS resources. Roles are used to delegate access to users, applications, or services that don't usually have access to your AWS resources.
S3 Bucket: This is a container for storing objects in Amazon S3. Each bucket has a unique name and can store an unlimited number of objects.
Permission: These are granular actions a user or role can perform on a given resource. Examples include s3:ListBucket, s3:GetObject, etc.
Policy: A collection of permissions that define what actions are allowed or denied for a user, group, or role. Policies are written in JSON and can be attached to IAM users, groups, or roles.

Minimal Configuration

To perform these operations, you must log in to your AWS as an administrator.

This setup represents the minimal permissions needed to connect Publisher to an AWS S3 Storage bucket.

Creating Credentials

Create a new IAM User

aws iam create-user --user-name publisher-connectors

Attach a Policy to the IAM User

aws iam put-user-policy --user-name publisher-connectors --policy-name S3AccessPolicy --policy-document '{
    "Version": "2024-10-24",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:ListBucket",
                "s3:GetObject"
            ],
            "Resource": [
                "arn:aws:s3:::${BUCKET}",
                "arn:aws:s3:::${BUCKET}/*"
            ]
        }
    ]
}'

Create Access Keys for the IAM User

aws iam create-access-key --user-name publisher-connectors

PreviousConnecting to AWS S3 Storage NextBigQuery Permissions

Last updated 5 days ago