Closed wildintellect closed 1 year ago
jjfrench
commented
2 years ago Simple read bucket policy~
Version: "2012-10-17"
Statement:
- Sid: "Read-only access"
Effect: Allow
Principal:
AWS:
- "arn:aws:iam:{account_id}:root"
Action:
- s3:GetObject
- s3:ListBucket
# - s3:GetObjectTagging
# - s3:GetObjectVersion
# - s3:GetBucketLocation
Resource:
- "arn:aws:s3:::{bucket_name}"
- "arn:aws:s3:::{bucket_name}/*"HEC Meeting 8/25/22 - It sounds like JPL is specifically asking for access keys or a role. Can you recall any previous discussion about this ticket?
*Downgraded from "Showstopper" to "High", moved to R3 deliverables
jjfrench
commented
1 year ago @wildintellect, did you want to put what you had into maap-infrastructure?
wildintellect
commented
1 year ago I wonder if we need a repo specific to HEC? want to rename maap-hec-infrastucture
jjfrench
commented
1 year ago Yeah, I can rename it to that
wildintellect
commented
1 year ago Using AWS CloudShell logged into HEC-Dev AWS account, the following works.
aws s3 cp s3://maap-ops-workspace/nathanmthomas/DPS_tile_lists/HLS_tindex_master.csv
aws s3 cp s3://nasa-maap-data-store/file-staging/nasa-map/GEDI02_A___002/2019.04.18/GEDI02_A_2019108002012_O01959_01_T03909_02_003_01_V002.h5 .This is working, please note that GetObjects works ListObjects is denied but that should not be an issue as users should already know the path to an item.
wildintellect
commented
1 year ago @jplzhan see above for examples of accessing MAAP OPS buckets from HEC AWS account.
moronidav
commented
1 year ago @jplzhan , Has confirmed that this was successfully tested.
Describe the work to be done.
Enable the MAAP-AWS-HEC account Read-Only access to the MAAP Ops buckets for data egress. Buckets:
Definition of Done: