...
If the bucket is encrypted using AWS-KMS, the role’s policy would look like the following:
Make sure to replace $BUCKET_NAME$ with your bucket name. This is where we will upload files.
Replace $AWS_KMS_KEY_ARN$ with your AWS KMS key used to encrypt the bucket.
Code Block |
---|
{ "Version": "2012-10-17", "Statement": [ { "Action": [ "s3:PutObject", "s3:PutObjectAcl" ], "Resource": [ "arn:aws:s3:::$BUCKET_NAME$/*" ], "Effect": "Allow" }, { "Action": [ "kms:Encrypt", "kms:GenerateDataKey", "kms:DescribeKey", "kms:ReEncrypt*" ], "Resource": [ "$AWS_KMS_KEY_ARN$" ], "Effect": "Allow" } ] } |
Make sure to replace $BUCKET_NAME$ with your bucket name. This is where we will upload files.
Replace $AWS_KMS_KEY_ARN$ with your AWS KMS key used to encrypt the bucket.
Lead Liaison Account Configuration
...