Skip to content

Latest commit

 

History

History
73 lines (58 loc) · 2.1 KB

File metadata and controls

73 lines (58 loc) · 2.1 KB

Set up Credential for Amazon S3

  • Step 1: Create IAM Policy

Open AWS Management Console, Go to IAM > Policy, click Create Policy

Create a policy using below example IAM policy statement with minimum permissions. Change the <your-bucket-name> in the policy statement accordingly.

If it's for S3 buckets in China regions, please make sure you also change to use arn:aws-cn:s3::: instead of arn:aws:s3:::

  • For Source Bucket

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "dth",
            "Effect": "Allow",
            "Action": [
                "s3:GetObject",
                "s3:ListBucket"
            ],
            "Resource":[
                "arn:aws:s3:::<your-bucket-name>/*",
                "arn:aws:s3:::<your-bucket-name>"
            ]
        }
    ]
}
  • For Desination Bucket

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "dth",
            "Effect": "Allow",
            "Action": [
                "s3:PutObject",
                "s3:ListBucket",
                "s3:PutObjectAcl",
                "s3:AbortMultipartUpload",
                "s3:ListBucketMultipartUploads",
                "s3:ListMultipartUploadParts"
            ],
            "Resource": [
                "arn:aws:s3:::<your-bucket-name>/*",
                "arn:aws:s3:::<your-bucket-name>"
            ]
        }
    ]
}

Note that if you want to enable S3 Delete Event, you will need to add "s3:DeleteObject" permission to the policy.

  • Step 2: Create User

Open AWS Management Console, Go to IAM > User, click Add User, follow the wizard to create the user with credential.

  1. Specify a user name, for example dth-user. And for Accesss Type, select Programmatic access only. Click Next: Permissions
  2. Select Attach existing policies directly, search and use the policy created in Step 1, and click Next: Tags
  3. Add tags if needed, click Next: Review
  4. Review the user details, and Click Create User
  5. Make sure you copied/saved the credential, and then click Close

Create User