[doc] correct S3 policy for multiparts

For multipart to work correctly, you also need to include the necessary actions in the policy.

```json
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:ListBucket",
                "s3:GetBucketLocation",
                "s3:ListBucketMultipartUploads",
                "s3:ListBucketVersions"
            ],
            "Resource": [
                "arn:aws:s3:::yourbucket"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:PutObject",
                "s3:GetObject",
                "s3:DeleteObject",
                "s3:PutObjectAcl",
                "s3:AbortMultipartUpload",
                "s3:ListMultipartUploadParts"
            ],
            "Resource": [
                "arn:aws:s3:::yourbucket/*"
            ]
        }
    ]
}
```

Closes #214

(cherry picked from commit 62966ad)
(cherry picked from commit 25a37a5)
(cherry picked from commit e72af19)
David Pilato 2015-05-20 16:58:35 +02:00
parent 551f2da722
commit 9206b0db35
1 changed files with 14 additions and 6 deletions


@ -210,7 +210,10 @@ In order to restrict the Elasticsearch snapshot process to the minimum required
"Statement": [
{
"Action": [
"s3:ListBucket"
"s3:ListBucket",
"s3:GetBucketLocation",
"s3:ListBucketMultipartUploads",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
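Review bot: `s3:GetBucketLocation` and `s3:ListBucketVersions` in this bucket-level Action list are not multipart permissions, yet the commit message justifies the whole change as what multipart needs, and the surrounding section promises "the minimum required". Of the three additions only `s3:ListBucketMultipartUploads` is multipart-specific; `s3:ListBucketVersions` authorises listing object versions. Please add a sentence to the doc stating what the snapshot process uses the other two for, or drop whichever it does not call, so that readers copying this as a least-privilege policy are not granted more than they need.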
@ -221,7 +224,9 @@ In order to restrict the Elasticsearch snapshot process to the minimum required
"Action": [
"s3:GetObject",
"s3:PutObject",
"s3:DeleteObject"
"s3:DeleteObject",
"s3:AbortMultipartUpload",
"s3:ListMultipartUploadParts"
],
"Effect": "Allow",
"Resource": [
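Review bot: the object-level Action list in this hunk ends up as GetObject, PutObject, DeleteObject, AbortMultipartUpload and ListMultipartUploadParts, but the policy in the commit message also contains `s3:PutObjectAcl`. The two should agree. If the ACL permission is not required for multipart, leaving it out of the doc is the right call for a minimum-permission policy and the commit message should say so; if it is required, it is missing here and in the prefix-restricted example further down.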
@ -231,7 +236,6 @@ In order to restrict the Elasticsearch snapshot process to the minimum required
],
"Version": "2012-10-17"
}
```
You may further restrict the permissions by specifying a prefix within the bucket, in this example, named "foo".
@ -241,7 +245,10 @@ You may further restrict the permissions by specifying a prefix within the bucke
"Statement": [
{
"Action": [
"s3:ListBucket"
"s3:ListBucket",
"s3:GetBucketLocation",
"s3:ListBucketMultipartUploads",
"s3:ListBucketVersions"
],
"Condition": {
"StringLike": {
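Review bot: the three new bucket-level actions land in the statement that carries the `Condition` / `StringLike` block shown at the bottom of this hunk. The condition key is not visible in the context lines; if it is keyed on the request prefix, as the "foo" prefix example suggests, a GetBucketLocation request carries no prefix, so the condition does not match and the Allow never applies to that action. Consider moving `s3:GetBucketLocation` (and any other action whose request does not send a prefix) into its own statement on the bucket ARN without the condition, and confirm the prefix-restricted policy against a real multipart snapshot before documenting it.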
@ -259,7 +266,9 @@ You may further restrict the permissions by specifying a prefix within the bucke
"Action": [
"s3:GetObject",
"s3:PutObject",
"s3:DeleteObject"
"s3:DeleteObject",
"s3:AbortMultipartUpload",
"s3:ListMultipartUploadParts"
],
"Effect": "Allow",
"Resource": [
@ -269,7 +278,6 @@ You may further restrict the permissions by specifying a prefix within the bucke
],
"Version": "2012-10-17"
}
```
The bucket needs to exist to register a repository for snapshots. If you did not create the bucket then the repository registration will fail. If you want elasticsearch to create the bucket instead, you can add the permission to create a specific bucket like this: