Versions Compared

Old Version 5

changes.mady.by.user Ryan Schefke

Saved on

compared with

New Version Current

changes.mady.by.user Ryan Schefke

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  • If the bucket is encrypted using AWS-KMS, the role’s policy would look like the following:

    • Make sure to replace $BUCKET_NAME$ with your bucket name. This is where we will upload files.

    • Replace $AWS_KMS_KEY_ARN$ with your AWS KMS key used to encrypt the bucket.

Code Block
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": [
                "s3:PutObject",
                "s3:PutObjectAcl"
            ],
            "Resource": [
                "arn:aws:s3:::$BUCKET_NAME$/*"
            ],
            "Effect": "Allow"
        },
        {
            "Action": [
                "kms:Encrypt",
                "kms:GenerateDataKey",
                "kms:DescribeKey",
                "kms:ReEncrypt*"
            ],
            "Resource": [
                "$AWS_KMS_KEY_ARN$"
            ],
            "Effect": "Allow"
        }
    ]
}

  • Make sure to replace $BUCKET_NAME$ with your bucket name. This is where we will upload files.

  • Replace $AWS_KMS_KEY_ARN$ with your AWS KMS key used to encrypt the bucket.

Lead Liaison Account Configuration

...