How to configure an S3 bucket for filestore
Create an S3 bucket with the following bucket policy, which allows anyone to read the objects in the bucket:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "PublicReadGetObject",
      "Effect": "Allow",
      "Principal": "*",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::BUCKET_NAME_1/*"
    }
  ]
}
Replace the placeholder BUCKET_NAME_1 with the bucket name.
Once the S3 bucket is created, create an IAM user with the required access. Grant that access by creating the following policy and attaching it to the user:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:GetBucketLocation",
        "s3:ListAllMyBuckets"
      ],
      "Resource": "arn:aws:s3:::*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:*"
      ],
      "Resource": [
        "arn:aws:s3:::BUCKET_NAME_1",
        "arn:aws:s3:::BUCKET_NAME_2"
      ]
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:PutObject",
        "s3:PutObjectAcl",
        "s3:GetObject",
        "s3:DeleteObject"
      ],
      "Resource": [
        "arn:aws:s3:::BUCKET_NAME_1/*",
        "arn:aws:s3:::BUCKET_NAME_2/*"
      ]
    }
  ]
}
Also attach the AmazonS3ReadOnlyAccess managed policy to the user.
Note: The above policy gives access to two buckets, BUCKET_NAME_1 and BUCKET_NAME_2. If you have only one bucket, keep only one entry in each Resource list.
Once you have created the IAM user, get the access key and secret key for that user and add them to the env secrets file.
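The two policies and the Note about using one bucket instead of two, as an added example that is not part of the original page: it renders both documents for any list of bucket names and lists the statements that grant anonymous or wildcard access, so they can be reviewed before being applied. The function names and the bucket name example-filestore are made up for illustration.

```python
import json

def as_list(value):
    return value if isinstance(value, list) else [value]

def bucket_policy(public_bucket):
    """Bucket policy from the page: anyone may read every object."""
    return {"Version": "2012-10-17", "Statement": [{
        "Sid": "PublicReadGetObject", "Effect": "Allow", "Principal": "*",
        "Action": "s3:GetObject",
        "Resource": f"arn:aws:s3:::{public_bucket}/*"}]}

def user_policy(buckets):
    """IAM user policy from the page, one Resource entry per bucket in use."""
    if not buckets:
        raise ValueError("at least one bucket name is required")
    return {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow",
         "Action": ["s3:GetBucketLocation", "s3:ListAllMyBuckets"],
         "Resource": "arn:aws:s3:::*"},
        {"Effect": "Allow", "Action": ["s3:*"],
         "Resource": [f"arn:aws:s3:::{b}" for b in buckets]},
        {"Effect": "Allow",
         "Action": ["s3:PutObject", "s3:PutObjectAcl",
                    "s3:GetObject", "s3:DeleteObject"],
         "Resource": [f"arn:aws:s3:::{b}/*" for b in buckets]}]}

def broad_grants(policy):
    """Return (statement index, reason) for each Allow worth a reviewer's look."""
    findings = []
    for i, stmt in enumerate(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        if stmt.get("Principal") in ("*", {"AWS": "*"}):
            findings.append((i, "anonymous principal"))
        if any(a in ("*", "s3:*") for a in as_list(stmt.get("Action", []))):
            findings.append((i, "wildcard action"))
        if any(r in ("*", "arn:aws:s3:::*")
               for r in as_list(stmt.get("Resource", []))):
            findings.append((i, "all-buckets resource"))
    return findings

if __name__ == "__main__":
    names = ["example-filestore"]  # constructed bucket name, single-bucket case
    for policy in (bucket_policy(names[0]), user_policy(names)):
        print(json.dumps(policy, indent=2))
        for index, reason in broad_grants(policy):
            print(f"  review statement {index}: {reason}")
```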