list all the actions i could think of

2024-06-07 21:10:45 +00:00 · 2024-01-05 22:24:37 +08:00 · 2024-01-05 22:24:37 +08:00 · d1cfe0c978
commit d1cfe0c978
parent e3e8db04e2
1 changed files with 27 additions and 3 deletions
--- a/docs/s3_user_policy.md
+++ b/docs/s3_user_policy.md
@ -1,5 +1,17 @@
 # AWS S3 Bucket: How to configure user's policy

+## Attention
+
+Please read the doc carefully and adjust the optional fields accordingly. The doc is not fully tested and contributions are welcome.
+
+## AWS Official Docs
+
+* <https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-policy-language-overview.html>
+* <https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html>
+* <https://docs.aws.amazon.com/AmazonS3/latest/API/API_Operations.html>
+
+## Prerequisites
+
 Using the principle of least privilege is crucial for security when allowing a third party system to access your AWS resources.

 **Prerequisites**: Ensure you have an AWS account and administrative access to manage IAM policies.
@ -20,7 +32,7 @@ Using the principle of least privilege is crucial for security when allowing a t
            "Sid": "ObsidianBucket",
            "Effect": "Allow",
            "Action": [
-                "s3:ListBucket"
+                "s3:HeadBucket"
            ],
            "Resource": "arn:aws:s3:::my-bucket"
        },
@ -28,9 +40,21 @@ Using the principle of least privilege is crucial for security when allowing a t
            "Sid": "ObsidianObjects",
            "Effect": "Allow",
            "Action": [
+                "s3:HeadObject",
                "s3:PutObject",
+                "s3:CopyObject",
+                "s3:UploadPart",
+                "s3:UploadPartCopy",
+                "s3:ListMultipartUploads",
+                "s3:AbortMultipartUpload",
+                "s3:CompleteMultipartUpload",
+                "s3:ListObjects",
+                "s3:ListObjectsV2",
+                "s3:ListParts",
                "s3:GetObject",
-                "s3:DeleteObject"
+                "s3:GetObjectAttributes",
+                "s3:DeleteObject",
+                "s3:DeleteObjects"
            ],
            "Resource": "arn:aws:s3:::my-bucket/*"
        }
@ -55,4 +79,4 @@ After attaching the policy, test it by trying to access the S3 bucket through th

 ## Troubleshooting

-If you encounter permission errors, check the policy for typos in the bucket name or actions. Ensure the policy is attached to the correct user.
+If you encounter permission errors, check the policy for typos in the bucket name or actions. Ensure the policy is attached to the correct user.