(This is a slightly edited crosspost of
https://stackoverflow.com/questions/56481421/least-privilege-necessary-for-s3ql-on-aws-s3)
I'm trying to set up an s3ql backup in an AWS S3 bucket, but I'm having
issues defining the proper permissions. I've defined an IAM policy for the
backup users like:
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": "s3:*",
            "Resource": [
                "arn:aws:s3:::job/*",
                "arn:aws:s3:::<bucket>/<object>",
                "arn:aws:s3:::<bucket>"
            ]
        }
    ]
}
The idea was to start with all S3 privileges and then reduce from
there. However, this is not enough. First of all, I get a warning from
AWS about the permissions themselves. Second of all, I get an access
denied message from `mkfs.s3ql`.
If, however, I take the action using my super-user account, the filesystem
is created successfully.
Obviously I'm not going to leave super-user permissions in the hands of a
backup script intended to run on its own roughly daily. What is a policy
that provides the necessary permissions and no more?
Thanks