Cloud Data Manager

AWS S3 security considerations

When using AWS, follow the instructions in Security Best Practices in IAM.

Permit the following actions for both the bucket and all objects:

s3:PutObject

s3:GetObject

s3:ListBucketByTags

s3:ListBucketVersions

s3:ListBucket

s3:DeleteObject

s3:GetBucketLocation

Permit the following actions for the bucket:

s3:HeadBucket

The following is an example of a JSON policy:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": [
                "s3:PutObject",
                "s3:GetObject",
                "s3:ListBucketVersions",
                "s3:ListBucket",
                "s3:DeleteObject",
                "s3:GetBucketLocation"
            ],
            "Resource": [
                "arn:aws:s3:::<BUCKET_NAME>",
                "arn:aws:s3:::<BUCKET_NAME>/model9/*",
                "arn:aws:s3:::<BUCKET_NAME>/agents/*"
            ],
            "Sid": "ObjectAccess",
            "Effect": "Allow"
        },
        {
            "Action": "s3:HeadBucket",
            "Resource": "*",
            "Sid": "BucketAccess",
            "Effect": "Allow"
        }
    ]
}
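
One way to check a policy against the action list above before attaching it, as an added example that is not part of the product documentation. The audit_policy helper, the bucket name example-bucket and the rule that flags wildcard actions or a "*" resource on anything other than s3:HeadBucket are assumptions of this example; it reads Allow statements only and ignores NotAction and Deny.

```python
import fnmatch

# Actions listed on this page (bucket-and-object actions plus s3:HeadBucket).
REQUIRED = {
    "s3:PutObject", "s3:GetObject", "s3:ListBucketByTags",
    "s3:ListBucketVersions", "s3:ListBucket", "s3:DeleteObject",
    "s3:GetBucketLocation", "s3:HeadBucket",
}

def as_list(value):
    """IAM accepts a single value or a list for Statement, Action and Resource."""
    return list(value) if isinstance(value, list) else [value]

def audit_policy(policy):
    """Diff a policy's Allow statements against REQUIRED (hypothetical helper)."""
    granted, broad = set(), []
    for stmt in as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        actions = as_list(stmt.get("Action", []))
        resources = as_list(stmt.get("Resource", []))
        granted.update(actions)
        wildcard_action = any("*" in a for a in actions)
        # The page scopes only s3:HeadBucket to "*"; anything else on "*" is flagged.
        wide_resource = "*" in resources and set(actions) != {"s3:HeadBucket"}
        if wildcard_action or wide_resource:
            broad.append(stmt.get("Sid", "<no Sid>"))
    def covered(action):  # IAM action names match case-insensitively
        return any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in granted)
    return {
        "missing": sorted(a for a in REQUIRED if not covered(a)),
        "extra": sorted(a for a in granted if "*" not in a and a not in REQUIRED),
        "broad": broad,
    }

# Constructed sample: the page's example statements with a placeholder bucket name.
PAGE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "ObjectAccess", "Effect": "Allow",
         "Action": ["s3:PutObject", "s3:GetObject", "s3:ListBucketVersions",
                    "s3:ListBucket", "s3:DeleteObject", "s3:GetBucketLocation"],
         "Resource": ["arn:aws:s3:::example-bucket",
                      "arn:aws:s3:::example-bucket/model9/*",
                      "arn:aws:s3:::example-bucket/agents/*"]},
        {"Sid": "BucketAccess", "Effect": "Allow", "Action": "s3:HeadBucket", "Resource": "*"},
    ],
}

if __name__ == "__main__":
    print(audit_policy(PAGE_POLICY))
```

Run against the example policy, the check reports s3:ListBucketByTags as the only listed action the example statements do not grant.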