Skip to content

Commit

Permalink
[doc] correct S3 policy for multiparts
Browse files Browse the repository at this point in the history 
for multipart to work correctly you need to also include the necessary actions in the policy.

```json
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:ListBucket",
                "s3:GetBucketLocation",
                "s3:ListBucketMultipartUploads",
                "s3:ListBucketVersions"
            ],
            "Resource": [
                "arn:aws:s3:::yourbucket"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:PutObject",
                "s3:GetObject",
                "s3:DeleteObject",
                "s3:PutObjectAcl",
                "s3:AbortMultipartUpload",
                "s3:ListMultipartUploadParts"
            ],
            "Resource": [
                "arn:aws:s3:::yourbucket/*"
            ]
        }
    ]
}
```

Closes #214

(cherry picked from commit 62966ad)
(cherry picked from commit 25a37a5)
(cherry picked from commit e72af19)
  • Loading branch information
@dadoonet
dadoonet committed May 20, 2015
1 parent 551f2da commit 9206b0d
Showing 1 changed file with 14 additions and 6 deletions.
20 changes: 14 additions & 6 deletions README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -210,7 +210,10 @@ In order to restrict the Elasticsearch snapshot process to the minimum required
"Statement": [
{
"Action": [
"s3:ListBucket"
"s3:ListBucket",
"s3:GetBucketLocation",
"s3:ListBucketMultipartUploads",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
Expand All @@ -221,7 +224,9 @@ In order to restrict the Elasticsearch snapshot process to the minimum required
"Action": [
"s3:GetObject",
"s3:PutObject",
"s3:DeleteObject"
"s3:DeleteObject",
"s3:AbortMultipartUpload",
"s3:ListMultipartUploadParts"
],
"Effect": "Allow",
"Resource": [
Expand All @@ -231,7 +236,6 @@ In order to restrict the Elasticsearch snapshot process to the minimum required
],
"Version": "2012-10-17"
}

```

You may further restrict the permissions by specifying a prefix within the bucket, in this example, named "foo".
Expand All @@ -241,7 +245,10 @@ You may further restrict the permissions by specifying a prefix within the bucke
"Statement": [
{
"Action": [
"s3:ListBucket"
"s3:ListBucket",
"s3:GetBucketLocation",
"s3:ListBucketMultipartUploads",
"s3:ListBucketVersions"
],
"Condition": {
"StringLike": {
Expand All @@ -259,7 +266,9 @@ You may further restrict the permissions by specifying a prefix within the bucke
"Action": [
"s3:GetObject",
"s3:PutObject",
"s3:DeleteObject"
"s3:DeleteObject",
"s3:AbortMultipartUpload",
"s3:ListMultipartUploadParts"
],
"Effect": "Allow",
"Resource": [
Expand All @@ -269,7 +278,6 @@ You may further restrict the permissions by specifying a prefix within the bucke
],
"Version": "2012-10-17"
}

```

The bucket needs to exist to register a repository for snapshots. If you did not create the bucket then the repository registration will fail. If you want elasticsearch to create the bucket instead, you can add the permission to create a specific bucket like this:
Expand Down

0 comments on commit 9206b0d

Please sign in to comment.