feature: IAM Policies S3 Wasabi compatibles

This commit is contained in:
Claudio Maradonna 2021-08-07 11:39:32 +02:00
parent c56954a92a
commit 73185baeac
Signed by: claudiomaradonna
GPG key ID: B1EDCB4C3B05C387
3 changed files with 47 additions and 0 deletions

7
IAM/README.md Normal file
View file

@ -0,0 +1,7 @@
# IAM Policies
Actually those policies are tested on Wasabi S3 account.
## Limitations
* The policy `user_allow_specific_bucket.json` doesn't allow console operations

View file

@ -0,0 +1,15 @@
{
"Statement": [
{
"Resource": [
"arn:aws:s3:::bucket-name/*",
"arn:aws:s3:::bucket-name"
],
"Action": [
"s3:*"
],
"Effect": "Allow"
}
],
"Version": "2012-10-17"
}

View file

@ -0,0 +1,25 @@
{
"Statement": [
{
"NotResource": [
"arn:aws:s3:::bucket-name/*",
"arn:aws:s3:::bucket-name"
],
"Action": [
"s3:ListBucket",
"s3:GetBucketLocation",
"s3:ListBucketMultipartUploads"
],
"Effect": "Deny"
},
{
"NotResource": [
"arn:aws:s3:::bucket-name/*",
"arn:aws:s3:::bucket-name"
],
"Action": "s3:*",
"Effect": "Deny"
}
],
"Version": "2012-10-17"
}