Open otto-liljalaakso-nt opened 2 years ago
Not sure if you still needed help, but I saw this still sitting here, I'm using something like this:
```json
{
  "Statement": [
    {
      "Action": "s3:GetObject",
      "Effect": "Allow",
      "Resource": [
        "arn:aws:s3:::$bucket/pool/*",
        "arn:aws:s3:::$bucket/dists/*"
      ],
      "Sid": "S3AptReadOnly"
    }
  ],
  "Version": "2012-10-17"
}
```
I'm not sure you can get more minimal than this. For write you'd probably only need to add "s3:PutObject" but I don't have a specific policy to look at for that.
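An added example, not part of the comment above or of the project's code: a small check that an IAM policy for the read-only user grants nothing beyond the posted baseline. The function name, the bucket name `example-apt-repo` and the choice to treat `s3:GetObject` on `pool/` and `dists/` as the full read-only requirement are assumptions of this example.

```python
import json

# Baseline copied from the policy posted above. Treating it as the complete
# read-only requirement for apt-transport-s3 is an assumption of this example.
ALLOWED_ACTIONS = {"s3:getobject"}
ALLOWED_PREFIXES = ("pool/", "dists/")

def _as_list(value):
    # IAM accepts either a single string or a list for Action and Resource.
    return value if isinstance(value, list) else [value]

def audit_readonly_policy(policy, bucket):
    """Return findings for Allow statements that exceed the baseline."""
    findings = []
    object_arn = f"arn:aws:s3:::{bucket}/"
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        sid = stmt.get("Sid", f"statement[{i}]")
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements can only narrow access.
        if "NotAction" in stmt or "NotResource" in stmt:
            findings.append(f"{sid}: NotAction/NotResource allows everything not listed")
            continue
        for action in _as_list(stmt.get("Action", [])):
            # Action names are case-insensitive; wildcards such as s3:* never match.
            if action.lower() not in ALLOWED_ACTIONS:
                findings.append(f"{sid}: action {action} is outside the baseline")
        for resource in _as_list(stmt.get("Resource", [])):
            key = resource[len(object_arn):] if resource.startswith(object_arn) else ""
            if not key.startswith(ALLOWED_PREFIXES):
                findings.append(f"{sid}: resource {resource} is broader than pool/ and dists/")
    return findings

# Constructed sample input: the posted policy with $bucket replaced by a made-up name.
BUCKET = "example-apt-repo"
POSTED = json.loads("""{"Version": "2012-10-17", "Statement": [{"Sid": "S3AptReadOnly",
  "Effect": "Allow", "Action": "s3:GetObject",
  "Resource": ["arn:aws:s3:::example-apt-repo/pool/*", "arn:aws:s3:::example-apt-repo/dists/*"]}]}""")
# Constructed over-broad variant of the same statement.
BROAD = json.loads("""{"Version": "2012-10-17", "Statement": [{"Sid": "TooWide",
  "Effect": "Allow", "Action": ["s3:GetObject", "s3:*"],
  "Resource": "arn:aws:s3:::example-apt-repo/*"}]}""")

if __name__ == "__main__":
    for name, pol in (("posted", POSTED), ("broad", BROAD)):
        print(name, audit_readonly_policy(pol, BUCKET) or "within baseline")
```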
Thank you for the policy. I do not use this library at the moment, but hopefully this will help others who do.
I have a use case that I intend to solve by creating a dedicated IAM user, who will only interact with apt repos in S3 using `apt-transport-s3`. I would like to give that IAM user minimal permission needed for the job. However, it is not easy for me to understand what they should be. Is it possible to document the minimal requirements in README? Preferably separately for read and read/write, if such separation makes sense here.