Document which S3 permissions are required by the plugin

[ksclarke]

I have an IAM user created for Maven to upload the site files into an S3 bucket. When I use a policy for a IAM user like:

{
"Statement": [
{
"Sid": "Stmt1234567",
"Action": ["s3:"
],
"Effect": "Allow",
"Resource": ""
}
]
}

The upload works. When I use:

{
"Statement": [
{
"Sid": "Stmt13722196541",
"Action": ["s3:*"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::bucket_name"
}
]
}

The upload fails. What are the permissions needed on the S3 side (user or bucket policy) to allow the plugin to only have access to one of the S3 buckets? I know it's probably because it needs to be able to list all the buckets to find the one it's using, but I've been unable to find the right combination of policies that will allow the plugin to run.

Could this be added to the wiki pages? Thanks.

[ksclarke]

I think this is the basic user policy?

{
"Statement": [
{
"Sid": "Stmt1372216541",
"Action": [
"s3:PutObject",
"s3:PutObjectAcl"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::bucket_name/*"
}
],
"Statement": [
{
"Sid": "Stmt1372212814",
"Action": [
"s3:ListBucket"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::bucket_name"
}
]
}

[prateekgupta]

The permission issue explained:
http://www.anujgakhar.com/2011/11/09/giving-access-to-a-single-s3-bucket-using-amazon-iam/

[R-Gerard]

+1 @ksclarke 's policy works for me. It would be useful to include it in the documentation.