I couldn't find this anywhere when I searched, but I figured it out and decided to post it here in case anyone else was searching. The permissions needed on the S3 bucket for Timestream CreateBatchLoadTask API calls are as follows (this also includes the Timestream permissions):
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "s3:PutObjectAcl",
                "s3:PutObject",
                "s3:GetObject"
            ],
            "Resource": "arn:aws:s3:::*/*"
        },
        {
            "Sid": "VisualEditor1",
            "Effect": "Allow",
            "Action": [
                "s3:ListBucket",
                "s3:GetBucketAcl"
            ],
            "Resource": "arn:aws:s3:::*"
        },
        {
            "Sid": "VisualEditor2",
            "Effect": "Allow",
            "Action": [
                "timestream:WriteRecords",
                "timestream:CreateBatchLoadTask"
            ],
            "Resource": "arn:aws:timestream:*:*:database/*/table/*"
        },
        {
            "Sid": "VisualEditor3",
            "Effect": "Allow",
            "Action": [
                "timestream:DescribeEndpoints"
            ],
            "Resource": "*"
        }
    ]
}
The reason this was difficult is that the error message returned by the CLI or Lambda response doesn't specify the permission needed to perform the action, just that access was forbidden to the S3 bucket.
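The same policy with each wildcard Resource narrowed to named resources, as an added example that is not part of the original post. The action lists are kept exactly as posted; the bucket names (a separate source and report bucket are assumed), region, account ID, database and table are placeholders to replace with your own, and `timestream:DescribeEndpoints` stays on `"*"` because it does not support resource-level scoping.

```json
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "BatchLoadObjectAccess",
            "Effect": "Allow",
            "Action": [
                "s3:PutObjectAcl",
                "s3:PutObject",
                "s3:GetObject"
            ],
            "Resource": [
                "arn:aws:s3:::example-source-bucket/*",
                "arn:aws:s3:::example-report-bucket/*"
            ]
        },
        {
            "Sid": "BatchLoadBucketAccess",
            "Effect": "Allow",
            "Action": [
                "s3:ListBucket",
                "s3:GetBucketAcl"
            ],
            "Resource": [
                "arn:aws:s3:::example-source-bucket",
                "arn:aws:s3:::example-report-bucket"
            ]
        },
        {
            "Sid": "BatchLoadTableAccess",
            "Effect": "Allow",
            "Action": [
                "timestream:WriteRecords",
                "timestream:CreateBatchLoadTask"
            ],
            "Resource": "arn:aws:timestream:us-east-1:111122223333:database/example-db/table/example-table"
        },
        {
            "Sid": "TimestreamEndpointDiscovery",
            "Effect": "Allow",
            "Action": [
                "timestream:DescribeEndpoints"
            ],
            "Resource": "*"
        }
    ]
}
```

If one bucket holds both the source files and the batch load reports, list it once in each S3 statement.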