Issue 419 in s3fs: Docs should provide guidance for IAM access control policies


s3...@googlecode.com

Apr 12, 2014, 4:28:17 PM
to s3fs-...@googlegroups.com
Status: New
Owner: ----
Labels: Type-Defect Priority-Medium

New issue 419 by c.carson...@gmail.com: Docs should provide guidance for
IAM access control policies
http://code.google.com/p/s3fs/issues/detail?id=419

A user may want to know specifically what minimal permissions are necessary
to grant to s3fs in order for it to work, in order to grant those
permissions, and no more.

To that end, the documentation (project wiki, README, etc) should provide
guidance as to which operations, and on what resources, s3fs operates.
With this information, the user can create an appropriate IAM Access
Control Policy for the IAM user or role that s3fs will use. Perhaps even
providing an example policy.

For example, this is the IAM policy I have attached to the user that I have
configured s3fs to use. This user belongs to the same account that owns
the bucket and objects. The policy attempts to grant read and write to
objects within a bucket, while denying destructive operations on the bucket
itself.
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ObjectReadWrite",
      "Effect": "Allow",
      "Action": [
        "s3:*"
      ],
      "Resource": [
        "arn:aws:s3:::mybucket/*"
      ]
    },
    {
      "Sid": "BucketRead",
      "Effect": "Allow",
      "Action": [
        "s3:Get*", "s3:List*"
      ],
      "Resource": [
        "arn:aws:s3:::mybucket"
      ]
    }
  ]
}

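Added example, not part of the original post or of s3fs: a small Python check of what the policy posted above actually allows, evaluating sample requests against its Allow statements. The object key and the list of actions tested are constructed for illustration; Deny, NotAction and Condition are ignored because the posted policy uses none.

```python
import json
import re

# The policy from the post above, reproduced as posted.
POLICY = json.loads("""
{"Version": "2012-10-17",
 "Statement": [
  {"Sid": "ObjectReadWrite", "Effect": "Allow",
   "Action": ["s3:*"], "Resource": ["arn:aws:s3:::mybucket/*"]},
  {"Sid": "BucketRead", "Effect": "Allow",
   "Action": ["s3:Get*", "s3:List*"], "Resource": ["arn:aws:s3:::mybucket"]}]}
""")
BUCKET = "arn:aws:s3:::mybucket"
OBJECT = "arn:aws:s3:::mybucket/dir/file.txt"  # constructed sample key

def _match(pattern, value, ignore_case=False):
    # IAM wildcards: '*' matches any run of characters, '?' exactly one.
    rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    return re.fullmatch(rx, value, re.I if ignore_case else 0) is not None

def _as_list(x):
    return x if isinstance(x, list) else [x]

def allowed_by(policy, action, resource):
    """Return the Sid of the first Allow statement covering the request, or None
    (implicit deny). Simplified evaluator: Deny, NotAction/NotResource and
    Condition are not handled; the posted policy contains none of them."""
    for st in _as_list(policy["Statement"]):
        if st.get("Effect") != "Allow":
            continue
        action_ok = any(_match(a, action, ignore_case=True) for a in _as_list(st["Action"]))
        resource_ok = any(_match(r, resource) for r in _as_list(st["Resource"]))
        if action_ok and resource_ok:
            return st.get("Sid", "<no Sid>")
    return None

# Object-level actions are checked against an object ARN, bucket-level ones against the bucket ARN.
REQUESTS = [
    ("s3:GetObject", OBJECT), ("s3:PutObject", OBJECT),
    ("s3:DeleteObject", OBJECT), ("s3:PutObjectAcl", OBJECT),
    ("s3:ListBucket", BUCKET), ("s3:GetBucketPolicy", BUCKET),
    ("s3:DeleteBucket", BUCKET), ("s3:PutBucketPolicy", BUCKET),
]

def report(policy=POLICY):
    return {(a, r): allowed_by(policy, a, r) for a, r in REQUESTS}

if __name__ == "__main__":
    for (a, r), sid in report().items():
        print(f"{a:20} {r:38} {'ALLOW via ' + sid if sid else 'implicit deny'}")
```

In this policy `s3:*` on `mybucket/*` covers every object-level action, including `s3:PutObjectAcl`, while bucket-level actions such as `s3:DeleteBucket` are evaluated against the bucket ARN and fall to the implicit deny.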

s3...@googlecode.com

Apr 28, 2014, 4:26:46 PM
to s3fs-...@googlegroups.com

Comment #1 on issue 419 by 3vilPeng...@gmail.com: Docs should provide
guidance for IAM access control policies
http://code.google.com/p/s3fs/issues/detail?id=419

+1. I had no idea how to do this until I found this ticket.

s3...@googlecode.com

May 19, 2015, 9:27:23 PM
to s3fs-...@googlegroups.com

Comment #2 on issue 419 by pitta...@gmail.com: Docs should provide guidance
for IAM access control policies
https://code.google.com/p/s3fs/issues/detail?id=419

I'm having trouble mounting with IAM Roles. Switching to the target mount
directory after running s3fs says

-su: cd: /mnt: Transport endpoint is not connected

Could use some help