Merge branch 'docs-aws-fix-iam-policy' into 'master'

Remove invalid S3 Action and split bucket level actions Closes #243561 See merge request gitlab-org/gitlab!41560

Merge branch 'docs-aws-fix-iam-policy' into 'master'
Remove invalid S3 Action and split bucket level actions Closes #243561 See merge request gitlab-org/gitlab!41560
0fd9e9eb · Achilleas Pipinellis · ae8ea6eb · 3db32e4d · 0fd9e9eb
Commit 0fd9e9eb authored Sep 04, 2020 by Achilleas Pipinellis
Hide whitespace changes
Inline Side-by-side

Showing with 26 additions and 22 deletions

doc/install/aws/index.md doc/install/aws/index.md +26 -22

No files found.
--- a/doc/install/aws/index.md
+++ b/doc/install/aws/index.md
@@ -68,28 +68,32 @@ As we'll be using [Amazon S3 object storage](#amazon-s3-object-storage), our EC2
 1. Click **Create policy**, select the `JSON` tab, and add a policy. We want to [follow security best practices and grant _least privilege_](https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#grant-least-privilege), giving our role only the permissions needed to perform the required actions.
   1. Assuming you prefix the S3 bucket names with `gl-` as shown in the diagram, add the following policy:

-```json
-{
-    "Version": "2012-10-17",
-    "Statement": [
-        {
-            "Effect": "Allow",
-            "Action": [
-                "s3:AbortMultipartUpload",
-                "s3:CompleteMultipartUpload",
-                "s3:ListBucket",
-                "s3:PutObject",
-                "s3:GetObject",
-                "s3:DeleteObject",
-                "s3:PutObjectAcl"
-            ],
-            "Resource": [
-                "arn:aws:s3:::gl-*/*"
-            ]
-        }
-    ]
-}
-```
+   ```json
+   {   "Version": "2012-10-17",
+       "Statement": [
+           {
+               "Effect": "Allow",
+               "Action": [
+                   "s3:PutObject",
+                   "s3:GetObject",
+                   "s3:DeleteObject",
+                   "s3:PutObjectAcl"
+               ],
+               "Resource": "arn:aws:s3:::gl-*/*"
+           },
+           {
+               "Effect": "Allow",
+               "Action": [
+                   "s3:ListBucket",
+                   "s3:AbortMultipartUpload",
+                   "s3:ListMultipartUploadParts",
+                   "s3:ListBucketMultipartUploads"
+               ],
+               "Resource": "arn:aws:s3:::gl-*"
+           }
+       ]
+   }
+   ```

 1. Click **Review policy**, give your policy a name (we'll use `gl-s3-policy`), and click **Create policy**.