Commit 0fd9e9eb authored by Achilleas Pipinellis

Merge branch 'docs-aws-fix-iam-policy' into 'master'

Remove invalid S3 Action and split bucket level actions

Closes #243561

See merge request gitlab-org/gitlab!41560
parents ae8ea6eb 3db32e4d
...@@ -68,28 +68,32 @@ As we'll be using [Amazon S3 object storage](#amazon-s3-object-storage), our EC2 ...@@ -68,28 +68,32 @@ As we'll be using [Amazon S3 object storage](#amazon-s3-object-storage), our EC2
1. Click **Create policy**, select the `JSON` tab, and add a policy. We want to [follow security best practices and grant _least privilege_](https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#grant-least-privilege), giving our role only the permissions needed to perform the required actions. 1. Click **Create policy**, select the `JSON` tab, and add a policy. We want to [follow security best practices and grant _least privilege_](https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#grant-least-privilege), giving our role only the permissions needed to perform the required actions.
1. Assuming you prefix the S3 bucket names with `gl-` as shown in the diagram, add the following policy: 1. Assuming you prefix the S3 bucket names with `gl-` as shown in the diagram, add the following policy:
```json ```json
{ { "Version": "2012-10-17",
"Version": "2012-10-17", "Statement": [
"Statement": [ {
{ "Effect": "Allow",
"Effect": "Allow", "Action": [
"Action": [ "s3:PutObject",
"s3:AbortMultipartUpload", "s3:GetObject",
"s3:CompleteMultipartUpload", "s3:DeleteObject",
"s3:ListBucket", "s3:PutObjectAcl"
"s3:PutObject", ],
"s3:GetObject", "Resource": "arn:aws:s3:::gl-*/*"
"s3:DeleteObject", },
"s3:PutObjectAcl" {
], "Effect": "Allow",
"Resource": [ "Action": [
"arn:aws:s3:::gl-*/*" "s3:ListBucket",
] "s3:AbortMultipartUpload",
} "s3:ListMultipartUploadParts",
] "s3:ListBucketMultipartUploads"
} ],
``` "Resource": "arn:aws:s3:::gl-*"
}
]
}
```
1. Click **Review policy**, give your policy a name (we'll use `gl-s3-policy`), and click **Create policy**. 1. Click **Review policy**, give your policy a name (we'll use `gl-s3-policy`), and click **Create policy**.
......
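Review bot: In the second statement, `s3:AbortMultipartUpload` and `s3:ListMultipartUploadParts` are object-level actions, so they are scoped to the wrong resource when paired with `"Resource": "arn:aws:s3:::gl-*"`. They only take effect there because the trailing `*` in an IAM resource ARN also matches `/`, so `gl-*` covers object ARNs as well as bucket ARNs, which means this statement is not actually limited to buckets. Suggest moving those two actions into the first statement alongside `s3:PutObject` under `arn:aws:s3:::gl-*/*`, and leaving only `s3:ListBucket` and `s3:ListBucketMultipartUploads` in the bucket-level statement. Since the surrounding text asks for least privilege, it is also worth a sentence noting that `gl-*` grants access to every bucket whose name starts with `gl-`, so readers who can list their bucket names explicitly should do so.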