0

I want to be able to let AWS upload billing CSV to S3. This requires an IAM policy. I have one IAM user that I gave AmazonS3FullAccess. In the bucket properties I can add a policy. Then a policy editor pops up, with a link to a policy generator. There I see a form with the following values:

  • Policy type: S3 bucket policy
  • Effect: allow
  • Principal: ???
  • AWS Service: S3 (cannot be changed)
  • Action: PutObject
  • ARN: arn:aws:s3:::xyzbillingreport/keyname???

Questions

  1. What is the principal and what do I put there?
  2. What is the keyname? Where do I find it?
  3. Is the PutObject action enough to upload a billing report, or do I need more?
SPRBRN
  • 571
  • 4
  • 12
  • 28
  • 1
    See http://docs.aws.amazon.com/AmazonS3/latest/dev/s3-bucket-user-policy-specifying-principal-intro.html and http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html – Federico Sierra Jan 25 '16 at 15:21

1 Answers1

1

Questions

What is the principal and what do I put there?

---The principal is the ARN of the IAM user, role or account that you want to grant or deny access in this policy.

What is the keyname? Where do I find it?

---What S3 calls "Keys" you may call a "folder", it is the sub folders you create within the bucket. If do not wish to add that level of specificity to your permissions you can just supply the bucket

Is the PutObject action enough to upload a billing report, or do I need more?

---This really depends on what/who is uploading the file and how. If you are using the CLI to directly upload to the target bucket then "s3:Put*" is fine, if a person is using the console or uploading software, they will also need "s3:List*"

CloudWalker
  • 111
  • 6