Creating IAM Role

Create an IAM role with the following trust relationship:
    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "",
                "Effect": "Allow",
                "Principal": {
                    "Service": "s3.amazonaws.com"
                },
                "Action": "sts:AssumeRole"
            }
        ]
    }

Create a policy as follows, replacing <bucket_arn> with the S3 bucket ARN supplied by the Infra team and <customer_bucket_arn> with the customer’s S3 bucket ARN.

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Action": [
                    "s3:GetReplicationConfiguration",
                    "s3:ListBucket"
                ],
                "Resource": [
                    "<customer_bucket_arn>"
                ]
            },
            {
                "Effect": "Allow",
                "Action": [
                    "s3:GetObjectVersion",
                    "s3:GetObjectVersionAcl",
                    "s3:GetObjectVersionTagging"
                ],
                "Resource": [
                    "<customer_bucket_arn>/*"
                ]
            },
            {
                "Effect": "Allow",
                "Action": [
                    "s3:ReplicateObject",
                    "s3:ReplicateDelete",
                    "s3:ReplicateTags"
                ],
                "Resource": [
                    "<bucket_arn>/*"
                ]
            }
        ]
    }

Provide the IAM role ARN to Awaken.
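
As an added example (not part of the original article and not Awaken's own tooling), the Python check below lints a filled-in copy of the policy above before the role ARN is handed over: it confirms both values are bare bucket ARNs and that each action group is scoped to the bucket the article pairs it with. The function names and the sample ARNs are assumptions made for this example.

```python
import json
import re

# S3 bucket ARNs carry no region or account field: arn:<partition>:s3:::<name>
BUCKET_ARN = re.compile(r"arn:aws[a-z-]*:s3:::[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]")

def expected_statements(customer_bucket_arn, bucket_arn):
    """Action set -> the single Resource the article's policy pairs it with."""
    return {
        frozenset({"s3:GetReplicationConfiguration", "s3:ListBucket"}): customer_bucket_arn,
        frozenset({"s3:GetObjectVersion", "s3:GetObjectVersionAcl",
                   "s3:GetObjectVersionTagging"}): customer_bucket_arn + "/*",
        frozenset({"s3:ReplicateObject", "s3:ReplicateDelete",
                   "s3:ReplicateTags"}): bucket_arn + "/*",
    }

def as_list(value):
    # IAM accepts either a bare string or a list for Action and Resource.
    return [value] if isinstance(value, str) else list(value)

def lint_policy(policy_json, customer_bucket_arn, bucket_arn):
    """Return a list of findings; an empty list means the policy matches."""
    findings = []
    for label, arn in (("customer_bucket_arn", customer_bucket_arn),
                       ("bucket_arn", bucket_arn)):
        if not BUCKET_ARN.fullmatch(arn):  # catches a pasted trailing "/*"
            findings.append(f"{label} is not a bare bucket ARN: {arn}")
    expected = expected_statements(customer_bucket_arn, bucket_arn)
    for i, stmt in enumerate(json.loads(policy_json)["Statement"]):
        actions = frozenset(as_list(stmt["Action"]))
        want = expected.pop(actions, None)  # None: extra or duplicated statement
        if want is None or stmt["Effect"] != "Allow":
            findings.append(f"statement {i}: unexpected statement {sorted(actions)}")
        elif as_list(stmt["Resource"]) != [want]:  # placeholder left in, or wrong bucket
            findings.append(f"statement {i}: Resource should be {want}")
    findings += [f"missing statement for {sorted(a)}" for a in expected]
    return findings

def render_policy(customer_bucket_arn, bucket_arn):
    """Build the article's policy for the given pair of bucket ARNs."""
    stmts = [{"Effect": "Allow", "Action": sorted(a), "Resource": [r]}
             for a, r in expected_statements(customer_bucket_arn, bucket_arn).items()]
    return json.dumps({"Version": "2012-10-17", "Statement": stmts}, indent=4)

if __name__ == "__main__":
    SRC = "arn:aws:s3:::example-customer-source"      # constructed sample ARN
    DST = "arn:aws:s3:::example-vendor-destination"   # constructed sample ARN
    print(lint_policy(render_policy(SRC, DST), SRC, DST))   # correctly filled in
    print(lint_policy(render_policy(DST, SRC), SRC, DST))   # ARNs swapped
```

To check a hand-edited policy, pass the file's contents as policy_json together with the two ARNs that were meant to be substituted.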