Hello,
Does anyone have an IAM policy that follows the Principle of Least Privilege that will allow HybridMount to work with S3 in my AWS account?
This is what I have so far, but I am still getting errors. I could keep iterating, adding one permission at a time, forever, which is very tedious. I wish the developers would publish a list of the permissions needed.
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "AccountLevelListAndInfo",
"Effect": "Allow",
"Action": [
"s3:ListAllMyBuckets",
"s3:GetAccountPublicAccessBlock",
"s3:GetAccelerateConfiguration"
],
"Resource": "*"
},
{
"Sid": "BucketMetadataAndListing",
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:GetBucketLocation",
"s3:ListBucketMultipartUploads"
],
"Resource": "arn:aws:s3:::qnap-experiment"
},
{
"Sid": "ObjectActionsAndMultipart",
"Effect": "Allow",
"Action": [
"s3:GetObject",
"s3:PutObject",
"s3:DeleteObject",
"s3:RestoreObject",
"s3:GetObjectAcl",
"s3:PutObjectAcl",
"s3:ListMultipartUploadParts",
"s3:AbortMultipartUpload"
],
"Resource": "arn:aws:s3:::qnap-experiment/*"
},
{
"Sid": "ObjectTaggingAndRetention",
"Effect": "Allow",
"Action": [
"s3:GetObjectTagging",
"s3:PutObjectTagging",
"s3:DeleteObjectTagging",
"s3:GetObjectRetention",
"s3:PutObjectRetention",
"s3:GetObjectLegalHold",
"s3:PutObjectLegalHold"
],
"Resource": "arn:aws:s3:::qnap-experiment/*"
}
]
}