yangljun / s3fs

Automatically exported from code.google.com/p/s3fs
GNU General Public License v2.0

Docs should provide guidance for IAM access control policies #419

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
A user may want to know specifically what minimal permissions are necessary to 
grant to s3fs in order for it to work, in order to grant those permissions, and 
no more.

To that end, the documentation (project wiki, README, etc) should provide 
guidance as to which operations, and on what resources, s3fs operates.  With 
this information, the user can create an appropriate IAM Access Control Policy 
for the IAM user or role that s3fs will use.  Perhaps even providing an example 
policy.

For example, this is the IAM policy I have attached to the user that I have 
configured s3fs to use.  This user belongs to the same account that owns the 
bucket and objects.  The policy attempts to grant read and write to objects 
within a bucket, while denying destructive operations on the bucket itself.
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "ObjectReadWrite",
            "Effect": "Allow",
            "Action": [
                "s3:*"
            ],
            "Resource": [
                "arn:aws:s3:::mybucket/*"
            ]
        },
        {
            "Sid": "BucketRead",
            "Effect": "Allow",
            "Action": [
                "s3:Get*", "s3:List*"
            ],
            "Resource": [
                "arn:aws:s3:::mybucket"
            ]
        }
    ]
}

Original issue reported on code.google.com by c.carson...@gmail.com on 12 Apr 2014 at 8:28
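
Added example, not part of the original report and not s3fs project code: a simplified evaluator that checks which requests the policy posted above would allow. It assumes an identity policy only, with no Condition, NotAction or NotResource elements; the object key and the list of sample requests are constructed for illustration.

```python
import json
import re

# Policy from the issue above (whitespace compacted, content unchanged).
POLICY = json.loads("""
{"Version": "2012-10-17", "Statement": [
  {"Sid": "ObjectReadWrite", "Effect": "Allow",
   "Action": ["s3:*"], "Resource": ["arn:aws:s3:::mybucket/*"]},
  {"Sid": "BucketRead", "Effect": "Allow",
   "Action": ["s3:Get*", "s3:List*"], "Resource": ["arn:aws:s3:::mybucket"]}
]}
""")
BUCKET = "arn:aws:s3:::mybucket"
OBJ = BUCKET + "/dir/file.txt"  # constructed object key
# Constructed sample requests: (action, resource ARN).
CHECKS = [
    ("s3:ListBucket", BUCKET), ("s3:GetBucketLocation", BUCKET),
    ("s3:DeleteBucket", BUCKET), ("s3:PutBucketPolicy", BUCKET),
    ("s3:GetObject", OBJ), ("s3:PutObject", OBJ),
    ("s3:DeleteObject", OBJ), ("s3:PutObjectAcl", OBJ),
]

def _glob(pattern, value, ignore_case=False):
    """IAM-style wildcard match: '*' is any run of characters, '?' is one."""
    rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                 for c in pattern)
    flags = re.S | (re.I if ignore_case else 0)
    return re.fullmatch(rx, value, flags) is not None

def _as_list(v):
    return v if isinstance(v, list) else [v]

def evaluate(policy, action, resource):
    """Return (decision, Sid); decision is Allow, Deny or ImplicitDeny."""
    decision = ("ImplicitDeny", None)  # nothing matched: denied by default
    for st in _as_list(policy["Statement"]):
        # Action names match case-insensitively, resource ARNs case-sensitively.
        if not any(_glob(a, action, True) for a in _as_list(st["Action"])):
            continue
        if not any(_glob(r, resource) for r in _as_list(st["Resource"])):
            continue
        if st["Effect"] == "Deny":
            return ("Deny", st.get("Sid"))  # an explicit Deny always wins
        decision = ("Allow", st.get("Sid"))
    return decision

if __name__ == "__main__":
    for action, arn in CHECKS:
        print(f"{evaluate(POLICY, action, arn)[0]:<13}{action:<22}{arn}")
```

The bucket-level write actions fall through to the implicit deny because `arn:aws:s3:::mybucket/*` does not match the bucket ARN itself, while `s3:*` on objects also allows object ACL changes such as `s3:PutObjectAcl`.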

GoogleCodeExporter commented 9 years ago
+1. I had no idea how to do this until I found this ticket.

Original comment by 3vilPeng...@gmail.com on 28 Apr 2014 at 8:26

GoogleCodeExporter commented 9 years ago
I'm having trouble mounting with IAM Roles. Switching to the target mount 
directory after running s3fs says

 -su: cd: /mnt: Transport endpoint is not connected

Could use some help.

Original comment by pitta...@gmail.com on 20 May 2015 at 1:27