Minimum permission policy for AWS S3

[mig4ng]

Following this tutorial/docs: https://cube.dev/docs/product/deployment#storage

What are the minimum permission policy required for this to work?

[igorlukanin]

Hi @mig4ng 👋 Are you asking about the Amazon S3 permissions? Cube Store would be storing files on S3, so it should have read and write access to S3.

[carneiroskeeled]

Hi @mig4ng 👋 Are you asking about the Amazon S3 permissions? Cube Store would be storing files on S3, so it should have read and write access to S3.

Yes @igorlukanin , the precise requirements. Because I created a policy that adds read and write permission to a specific bucket and I get an access error in the cube-router. I might be missing some permissions.

Does it need permission to list all buckets in order to work?

[carneiroskeeled]

Hi @paveltiunov @ovr maybe one of you might be able to answer me this 😄

[ovr]

it's better to use a separate bucket and allow all operations (something s3:*) for bucket and bucket/*.

[carneiroskeeled]

@ovr I did that, but it is breaking. It is only working when the API key has permission over all s3 buckets.
That's why I find it strange.