Topic on Extension talk:AWS

JSON for IAM Policy update

HyverDev

Been looking at this and it seems the JSON for the IAM role isn't correct anymore. Maybe Amazon changed their grammar policy since the original entry. This is what I have got to:

{
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "s3:*",
            "Resource": "arn:aws:s3:::<something>/*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:Get*",
                "s3:List*"
            ],
            "Resource": "arn:aws:s3:::<something>"
        }
    ]
}
Edward Chernenko

Nothing changed. The example in the article was always supposed to be inserted into the Statement array. This is not a "replace IAM inline policy with this" example, because IAM inline policy may already exist (and contain other rules that shouldn't be overwritten).

MyWikis-JeffreyWang

I think the OP's sentiment is valid. Not sure why the documentation doesn't include this. It would make the setup less confusing to deal with for those who are new to S3/IAM.

MyWikis-JeffreyWang

Upon inspection, it did, but as a citation. Since this is very important, I've taken it out of a footnote.

DiscordiaChaos

Is there an example file that will work for someone who created a brand-new bucket just for this?

I'm asking about this due to hearing about increased security issues regarding AWS, and I want to keep things locked down while still enabling regular use of MediaWiki.

[Edited to make things more clear and reduce confusion]

MyWikis-JeffreyWang

@DiscordiaChaos The above JSON, in its exact form (apart from the ARN needing to be filled in), should be safe.
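
Added illustration, not part of the original thread or the extension's documentation: a Python sketch of the merge discussed above, which appends the two statements to whatever the role's inline policy already contains instead of replacing it, and builds a fresh policy when none exists (the brand-new bucket case). The function names, the sample bucket name and the sample pre-existing statement are constructed for this example.

```python
import copy
import json


def extension_statements(bucket):
    """The two statements from the thread, with the bucket name filled in."""
    return [
        {"Effect": "Allow", "Action": "s3:*",
         "Resource": f"arn:aws:s3:::{bucket}/*"},
        {"Effect": "Allow", "Action": ["s3:Get*", "s3:List*"],
         "Resource": f"arn:aws:s3:::{bucket}"},
    ]


def merge_statements(existing_policy, bucket):
    """Return a new policy: existing statements kept, the thread's two appended.

    existing_policy is a parsed policy document, or None when the role has no
    inline policy yet. The input is never modified, and running the merge
    twice does not duplicate statements.
    """
    # Refuse the unfilled "<something>" placeholder and wildcard bucket names,
    # which would widen the grant beyond one bucket.
    if not bucket or any(c in bucket for c in "<>*/"):
        raise ValueError("fill in a concrete bucket name")
    if existing_policy is None:
        # Assumption: a new policy uses the current policy language version.
        policy = {"Version": "2012-10-17", "Statement": []}
    else:
        policy = copy.deepcopy(existing_policy)
    current = policy.get("Statement", [])
    if isinstance(current, dict):  # IAM also accepts a single statement object
        current = [current]
    for stmt in extension_statements(bucket):
        if stmt not in current:
            current.append(stmt)
    policy["Statement"] = current
    return policy


if __name__ == "__main__":
    # Constructed sample: a role that already carries an unrelated rule.
    existing = {"Version": "2012-10-17",
                "Statement": [{"Effect": "Allow", "Action": "ses:SendEmail",
                               "Resource": "*"}]}
    print(json.dumps(merge_statements(existing, "example-wiki-bucket"), indent=4))
```
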
