IAM permissions to access s3://datomic-releases-1f2183a?

travis · February 26, 2019, 5:07am

Hi there!

I was a bit surprised to discover tonight that an IAM user I created to manage my Datomic Cloud resources couldn’t access s3://datomic-releases-1fc2183a/maven/releases to resolve the ion dependencies until I added the IAM user to the admin group in AWS.

I’d prefer to give as few IAM permissions as possible to developers working on my application, so I’m curious about the minimum set of permissions an IAM user needs to be able to access that s3 bucket.

Any thoughts?

Thank you!

Travis Vachon

marshall · February 26, 2019, 2:31pm

Hi Travis,

Your user should not require AWS admin permissions to access that bucket.
That releases bucket is publicly readable, however default IAM permissions for new users don’t allow any S3 access. You should be able to add S3 read permissions for that bucket specifically to your IAM user if you want to minimize permissions granted to your IAM roles.

Topic		Replies	Views
Revoke access from prior employees Datomic Cloud	0	426	January 31, 2022
Rotating AWS access key Troubleshooting	1	738	July 16, 2019
EC2 key-pair management for growing teams Datomic Cloud	2	580	March 18, 2020
DynamoDB, `datomic:ddb//` connect URI, and AWS STS roles - can we provide the token for a keypair? Datomic Pro	1	893	May 23, 2018
S3 status code 400 error when attempting :push Datomic Cloud	10	894	March 9, 2021

IAM permissions to access s3://datomic-releases-1f2183a?

Related Topics