- A snippet for setting AWS S3 access to a single bucket ONLY
- Useful for when you have multiple Discourses backing up to a single AWS S3 account but you don’t want them all to be able to access all of the other buckets with a generic S3 access policy.
- Create an aptly-named bucket for your Discourse backup, e.g. `myspecialdiscourse-backups-bucket`
- Create an aptly-named IAM user for this specific bucket, e.g. `myspecialdiscourse-backups-s3-user`
- Put this JSON snippet in the access control policy for that user, editing the bucket name as appropriate.
```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "s3:ListAllMyBuckets",
      "Resource": "arn:aws:s3:::*"
    },
    {
      "Effect": "Allow",
      "Action": "s3:*",
      "Resource": [
        "arn:aws:s3:::myspecialdiscourse-backups-bucket",
        "arn:aws:s3:::myspecialdiscourse-backups-bucket/*"
      ]
    }
  ]
}
```
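An offline check that an edited copy of this policy still reaches only the one bucket, added here as an example and not part of the original snippet. The names `audit_policy` and `LOOSE_POLICY` are assumptions made for illustration, and the loose policy is a constructed sample of the editing mistakes to look for.

```python
import json

# Account-wide action that returns bucket names only, not bucket contents.
ACCOUNT_WIDE_OK = {"s3:listallmybuckets"}

def _as_list(value):
    """IAM accepts one item or a list for Statement, Action and Resource."""
    return [value] if isinstance(value, (str, dict)) else list(value or [])

def audit_policy(policy, bucket):
    """Return findings for Allow statements that reach beyond `bucket`."""
    bucket_arn = f"arn:aws:s3:::{bucket}"
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt or "NotResource" in stmt:
            findings.append(f"statement {i}: NotAction/NotResource, review by hand")
            continue
        # IAM action names are case-insensitive.
        actions = {a.lower() for a in _as_list(stmt.get("Action"))}
        if actions <= ACCOUNT_WIDE_OK:
            continue
        for res in _as_list(stmt.get("Resource")):
            # Accept the bucket ARN itself or keys under "bucket/".
            # A trailing wildcard such as "bucket*" would also match "bucket2".
            if res != bucket_arn and not res.startswith(bucket_arn + "/"):
                findings.append(f"statement {i}: {sorted(actions)} allowed on {res}")
    return findings

# The policy from this page.
PAGE_POLICY = json.loads("""{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Action": "s3:ListAllMyBuckets", "Resource": "arn:aws:s3:::*"},
  {"Effect": "Allow", "Action": "s3:*", "Resource": [
    "arn:aws:s3:::myspecialdiscourse-backups-bucket",
    "arn:aws:s3:::myspecialdiscourse-backups-bucket/*"]}]}""")

# Constructed sample: a prefix wildcard and an object read on every bucket.
LOOSE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "s3:*",
     "Resource": "arn:aws:s3:::myspecialdiscourse-backups-bucket*"},
    {"Effect": "Allow", "Action": ["s3:GetObject"], "Resource": "arn:aws:s3:::*"}]}

if __name__ == "__main__":
    for name, pol in (("page", PAGE_POLICY), ("loose", LOOSE_POLICY)):
        print(name, audit_policy(pol, "myspecialdiscourse-backups-bucket") or "OK")
```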