jcaddel / maven-s3-wagon

Multi-threaded wagon to connect Maven with Amazon S3

Document which S3 permissions are required by the plugin #10

Open ksclarke opened 11 years ago

ksclarke commented 11 years ago

I have an IAM user created for Maven to upload the site files into an S3 bucket. When I use a policy for an IAM user like:

```json
{
  "Statement": [
    {
      "Sid": "Stmt1234567",
      "Action": ["s3:*"],
      "Effect": "Allow",
      "Resource": "*"
    }
  ]
}
```

The upload works. When I use:

```json
{
  "Statement": [
    {
      "Sid": "Stmt13722196541",
      "Action": ["s3:*"],
      "Effect": "Allow",
      "Resource": "arn:aws:s3:::bucket_name"
    }
  ]
}
```

The upload fails. What are the permissions needed on the S3 side (user or bucket policy) to allow the plugin to only have access to one of the S3 buckets? I know it's probably because it needs to be able to list all the buckets to find the one it's using, but I've been unable to find the right combination of policies that will allow the plugin to run.

Could this be added to the wiki pages? Thanks.

ksclarke commented 11 years ago

I think this is the basic user policy?

```json
{
  "Statement": [
    {
      "Sid": "Stmt1372216541",
      "Action": ["s3:PutObject", "s3:PutObjectAcl"],
      "Effect": "Allow",
      "Resource": "arn:aws:s3:::bucket_name/*"
    },
    {
      "Sid": "Stmt1372212814",
      "Action": ["s3:ListBucket"],
      "Effect": "Allow",
      "Resource": "arn:aws:s3:::bucket_name"
    }
  ]
}
```

prateekgupta commented 9 years ago

The permission issue explained: http://www.anujgakhar.com/2011/11/09/giving-access-to-a-single-s3-bucket-using-amazon-iam/

R-Gerard commented 6 years ago

+1 @ksclarke's policy works for me. It would be useful to include it in the documentation.
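
An added example, not part of the thread or of the wagon's own code: a simplified Allow-only policy evaluator that shows why a statement scoped to the bucket ARN does not cover object uploads, while the split policy does. The request list is an assumption taken from the actions named in the policy posted above, and the object key is constructed.

```python
import re

def _wild(pattern, value, ignore_case=False):
    """IAM-style wildcard match: '*' is any run of characters, '?' exactly one."""
    rx = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(rx, value, re.I if ignore_case else 0) is not None

def _as_list(v):
    return v if isinstance(v, list) else [v]

def allowed(policy, action, resource):
    """True if some Allow statement matches both the action and the resource.
    Simplified: ignores Deny, Condition, NotAction and NotResource."""
    for st in policy["Statement"]:
        if (st["Effect"] == "Allow"
                and any(_wild(a, action, ignore_case=True) for a in _as_list(st["Action"]))
                and any(_wild(r, resource) for r in _as_list(st["Resource"]))):
            return True
    return False

BUCKET = "arn:aws:s3:::bucket_name"
OBJECT = BUCKET + "/site/index.html"   # constructed object key

# Assumed requests for one upload: list the bucket, then write one object and its ACL.
REQUESTS = [
    ("s3:ListBucket", BUCKET),      # bucket-level action, bucket ARN
    ("s3:PutObject", OBJECT),       # object-level action, object ARN
    ("s3:PutObjectAcl", OBJECT),
]

# Same shape as the failing policy: every S3 action, but only on the bucket ARN.
BUCKET_ONLY = {"Statement": [
    {"Effect": "Allow", "Action": ["s3:*"], "Resource": BUCKET}]}

# Same shape as the working policy: object actions on bucket/*, ListBucket on the bucket.
SPLIT = {"Statement": [
    {"Effect": "Allow", "Action": ["s3:PutObject", "s3:PutObjectAcl"], "Resource": BUCKET + "/*"},
    {"Effect": "Allow", "Action": ["s3:ListBucket"], "Resource": BUCKET}]}

def denied_requests(policy):
    """Requests from REQUESTS that no Allow statement in the policy covers."""
    return [(a, r) for a, r in REQUESTS if not allowed(policy, a, r)]

if __name__ == "__main__":
    for name, pol in (("bucket-only", BUCKET_ONLY), ("split", SPLIT)):
        print(name, "denies:", denied_requests(pol))
```
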