IAM Policy
AWS Identity and Access Management (IAM) is a web service that helps you securely control access to AWS resources for your users. You can use IAM to create a group, a user, or a role and attach a policy that defines the set of permissions it has on your AWS resources. For more information, refer to the Overview of IAM Policies article in the AWS documentation.
The IAM role name specified in the stack should have the following permissions:
s3:PutObject
s3:PutObjectAcl
s3:GetObject
s3:DeleteObject
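As an example, here is an IAM policy for the role that grants these permissions on the S3 buckets. s3:ListBucket is granted on each bucket ARN, and the object-level actions are granted on the objects under it (bucket-name/*).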
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": [
                "s3:ListBucket"
            ],
            "Resource": "arn:aws:s3:::waf-license-bucket",
            "Effect": "Allow"
        },
        {
            "Action": [
                "s3:ListBucket"
            ],
            "Resource": "arn:aws:s3:::waf-bootstrap-bucket",
            "Effect": "Allow"
        },
        {
            "Action": [
                "s3:ListBucket"
            ],
            "Resource": "arn:aws:s3:::waf-cluster-bucket",
            "Effect": "Allow"
        },
        {
            "Action": [
                "s3:ListBucket"
            ],
            "Resource": "arn:aws:s3:::qa-waf-bc",
            "Effect": "Allow"
        },
        {
            "Action": [
                "s3:PutObject",
                "s3:PutObjectAcl",
                "s3:GetObject",
                "s3:DeleteObject"
            ],
            "Resource": "arn:aws:s3:::waf-license-bucket/*",
            "Effect": "Allow"
        },
        {
            "Action": [
                "s3:PutObject",
                "s3:PutObjectAcl",
                "s3:GetObject",
                "s3:DeleteObject"
            ],
            "Resource": "arn:aws:s3:::waf-bootstrap-bucket/*",
            "Effect": "Allow"
        },
        {
            "Action": [
                "s3:PutObject",
                "s3:PutObjectAcl",
                "s3:GetObject",
                "s3:DeleteObject"
            ],
            "Resource": "arn:aws:s3:::waf-cluster-bucket/*",
            "Effect": "Allow"
        },
        {
            "Action": [
                "s3:PutObject",
                "s3:PutObjectAcl",
                "s3:GetObject",
                "s3:DeleteObject"
            ],
            "Resource": "arn:aws:s3:::qa-waf-bc/*",
            "Effect": "Allow"
        }
    ]
}
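A way to check a policy document against the pattern above before attaching it to the role (an added example, not Barracuda's or AWS's code). The function name audit_policy and the sample policy are assumptions made for illustration; the check for s3:ListBucket follows the example policy rather than the required-permissions list.

```python
# Object-level actions the page lists as required for the stack's IAM role.
REQUIRED_OBJECT_ACTIONS = {"s3:PutObject", "s3:PutObjectAcl", "s3:GetObject", "s3:DeleteObject"}


def _as_list(value):
    """IAM accepts a single string or a list for Action and Resource."""
    return [value] if isinstance(value, str) else list(value)


def audit_policy(policy, buckets):
    """Return findings: missing grants per bucket and wildcard over-grants.

    Assumption: exact string matching only. Wildcards are reported, not
    expanded; Condition, NotAction and NotResource are not evaluated.
    """
    granted, findings = {}, []  # granted maps resource ARN -> allowed actions
    statements = policy["Statement"]
    for stmt in [statements] if isinstance(statements, dict) else statements:
        if stmt.get("Effect") != "Allow":
            continue
        actions = _as_list(stmt.get("Action", []))
        findings += [f"wildcard action {a!r}" for a in actions if "*" in a]
        for resource in _as_list(stmt.get("Resource", [])):
            # "<bucket>/*" is the expected object scope; any other "*" is broader.
            scope = resource[:-2] if resource.endswith("/*") else resource
            if "*" in scope:
                findings.append(f"wildcard resource {resource!r}")
            granted.setdefault(resource, set()).update(actions)
    for bucket in buckets:
        arn = f"arn:aws:s3:::{bucket}"
        if "s3:ListBucket" not in granted.get(arn, set()):
            findings.append(f"{bucket}: s3:ListBucket not granted on {arn}")
        missing = REQUIRED_OBJECT_ACTIONS - granted.get(arn + "/*", set())
        if missing:
            findings.append(f"{bucket}: missing {sorted(missing)} on {arn}/*")
    return findings


# Constructed sample: object actions scoped to the bucket ARN instead of bucket/*.
SAMPLE_BAD = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "s3:ListBucket",
         "Resource": "arn:aws:s3:::waf-license-bucket"},
        {"Effect": "Allow", "Action": sorted(REQUIRED_OBJECT_ACTIONS),
         "Resource": "arn:aws:s3:::waf-license-bucket"},
    ],
}

if __name__ == "__main__":
    print("\n".join(audit_policy(SAMPLE_BAD, ["waf-license-bucket"])))
```

In the constructed sample, the object actions are attached to the bucket ARN rather than waf-license-bucket/*, so the audit reports all four as missing on the object scope.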