Create an IAM role with the following trust relationship:
- {
- "Version": "2012-10-17",
- "Statement": [
- {
- "Sid": "",
- "Effect": "Allow",
- "Principal": {
- "Service": "s3.amazonaws.com"
- },
- "Action": "sts:AssumeRole"
- }
- ]
- }
Create a policy as follows, replacing <bucket_arn> with the S3 bucket ARN supplied by Infra team, and <customer_bucket_arn> with the customer’s S3 bucket ARN.
- {
- "Version": "2012-10-17",
- "Statement": [
- {
- "Effect": "Allow",
- "Action": [
- "s3:GetReplicationConfiguration",
- "s3:ListBucket"
- ],
- "Resource": [
- "<customer_bucket_arn>"
- ]
- },
- {
- "Effect": "Allow",
- "Action": [
- "s3:GetObjectVersion",
- "s3:GetObjectVersionAcl",
- "s3:GetObjectVersionTagging"
- ],
- "Resource": [
- "<customer_bucket_arn>/*"
- ]
- },
- {
- "Effect": "Allow",
- "Action": [
- "s3:ReplicateObject",
- "s3:ReplicateDelete",
- "s3:ReplicateTags"
- ],
- "Resource": [
- "<bucket_arn>/*"
- ]
- }
- ]
- }
Provide IAM role ARN to Awaken