diff --git a/docs/s3_user_policy.md b/docs/s3_user_policy.md
index fa1c0d5..a1507e2 100644
--- a/docs/s3_user_policy.md
+++ b/docs/s3_user_policy.md
@@ -1,5 +1,17 @@
 # AWS S3 Bucket: How to configure user's policy
 
+## Attention
+
+Please read the doc carefully and adjust the optional fields accordingly. The doc is not fully tested and contributions are welcome.
+
+## AWS Official Docs
+
+*
+*
+*
+
+## Prerequisites
+
 Using the principle of least privilege is crucial for security when allowing a third party system to access your AWS resources.
 
 **Prerequisites**: Ensure you have an AWS account and administrative access to manage IAM policies.
@@ -20,7 +32,7 @@ Using the principle of least privilege is crucial for security when allowing a t
 "Sid": "ObsidianBucket",
 "Effect": "Allow",
 "Action": [
- "s3:ListBucket"
+ "s3:HeadBucket"
 ],
 "Resource": "arn:aws:s3:::my-bucket"
 },
@@ -28,9 +40,21 @@ Using the principle of least privilege is crucial for security when allowing a t
 "Sid": "ObsidianObjects",
 "Effect": "Allow",
 "Action": [
+ "s3:HeadObject",
 "s3:PutObject",
+ "s3:CopyObject",
+ "s3:UploadPart",
+ "s3:UploadPartCopy",
+ "s3:ListMultipartUploads",
+ "s3:AbortMultipartUpload",
+ "s3:CompleteMultipartUpload",
+ "s3:ListObjects",
+ "s3:ListObjectsV2",
+ "s3:ListParts",
 "s3:GetObject",
- "s3:DeleteObject"
+ "s3:GetObjectAttributes",
+ "s3:DeleteObject",
+ "s3:DeleteObjects"
 ],
 "Resource": "arn:aws:s3:::my-bucket/*"
 }
@@ -55,4 +79,4 @@ After attaching the policy, test it by trying to access the S3 bucket through th
 
 ## Troubleshooting
 
-If you encounter permission errors, check the policy for typos in the bucket name or actions. Ensure the policy is attached to the correct user.
\ No newline at end of file
+If you encounter permission errors, check the policy for typos in the bucket name or actions. Ensure the policy is attached to the correct user.
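Review bot: `"s3:HeadBucket"` in the ObsidianBucket statement is not an IAM action name; the HeadBucket API call (like ListObjects and ListObjectsV2) is authorized by `s3:ListBucket`, so replacing it removes the only bucket-level permission the user had without granting any working replacement. Restore `"s3:ListBucket"` on this line; if the intent was to narrow what the user may list, keep the action and add a `Condition` on `s3:prefix` rather than renaming it. If multipart-upload listing is wanted, `"s3:ListBucketMultipartUploads"` also belongs in this bucket-ARN statement, not in the object statement. The enclosing JSON policy starts and ends outside the hunk.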
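Review bot: Most of the strings added to the ObsidianObjects action list are S3 API operation names, not IAM action names, so as far as I can tell the policy grants less than it reads as granting: `s3:HeadObject` is covered by `s3:GetObject`; `s3:CopyObject`, `s3:UploadPart`, `s3:UploadPartCopy` and `s3:CompleteMultipartUpload` by `s3:PutObject`; `s3:ListParts` is `s3:ListMultipartUploadParts`; `s3:DeleteObjects` is `s3:DeleteObject`; and `s3:ListObjects`, `s3:ListObjectsV2` and `s3:ListMultipartUploads` are bucket-level permissions (`s3:ListBucket`, `s3:ListBucketMultipartUploads`) that have no effect on a `my-bucket/*` resource. IAM does not, in my experience, reject unrecognized action strings at policy creation time, so the only symptom is a denied call the reader of this doc cannot explain from the policy text — worth stating in the Troubleshooting section too. Replace the list with the real actions shown below and move the listing permissions to the bucket-ARN statement; the enclosing policy starts and ends outside the hunk.
```json
"Action": [
  "s3:PutObject",
  "s3:GetObject",
  "s3:GetObjectAttributes",
  "s3:DeleteObject",
  "s3:AbortMultipartUpload",
  "s3:ListMultipartUploadParts"
],
```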