IAM permissions to access s3://datomic-releases-1f2183a?


#1

Hi there!

I was a bit surprised to discover tonight that an IAM user I created to manage my Datomic Cloud resources couldn’t access s3://datomic-releases-1fc2183a/maven/releases to resolve the ion dependencies until I added the IAM user to the admin group in AWS.

I’d prefer to give as few IAM permissions as possible to developers working on my application, so I’m curious about the minimum set of permissions an IAM user needs to be able to access that s3 bucket.

Any thoughts?

Thank you!

Travis Vachon


#2

Hi Travis,

Your user should not require AWS admin permissions to access that bucket.
That releases bucket is publicly readable, however default IAM permissions for new users don’t allow any S3 access. You should be able to add S3 read permissions for that bucket specifically to your IAM user if you want to minimize permissions granted to your IAM roles.