From 9206b0db35fd08347ba27fe42d5951ea66b3cbde Mon Sep 17 00:00:00 2001 From: David Pilato Date: Wed, 20 May 2015 16:58:35 +0200 Subject: [PATCH] [doc] correct S3 policy for multiparts for multipart to work correctly you need to also include the necessary actions in the policy. ```json { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "s3:ListBucket", "s3:GetBucketLocation", "s3:ListBucketMultipartUploads", "s3:ListBucketVersions" ], "Resource": [ "arn:aws:s3:::yourbucket" ] }, { "Effect": "Allow", "Action": [ "s3:PutObject", "s3:GetObject", "s3:DeleteObject", "s3:PutObjectAcl", "s3:AbortMultipartUpload", "s3:ListMultipartUploadParts" ], "Resource": [ "arn:aws:s3:::yourbucket/*" ] } ] } ``` Closes #214 (cherry picked from commit 62966ad) (cherry picked from commit 25a37a5) (cherry picked from commit e72af19)
---
 README.md | 20 ++++++++++++++------
 1 file changed, 14 insertions(+), 6 deletions(-)
diff --git a/README.md b/README.md
index 6306cbdc3e5..a99d295855c 100644
--- a/README.md
+++ b/README.md
@@ -210,7 +210,10 @@ In order to restrict the Elasticsearch snapshot process to the minimum required
 "Statement": [
 {
 "Action": [
- "s3:ListBucket"
+ "s3:ListBucket",
+ "s3:GetBucketLocation",
+ "s3:ListBucketMultipartUploads",
+ "s3:ListBucketVersions"
 ],
 "Effect": "Allow",
 "Resource": [
@@ -221,7 +224,9 @@ In order to restrict the Elasticsearch snapshot process to the minimum required
 "Action": [
 "s3:GetObject",
 "s3:PutObject",
- "s3:DeleteObject"
+ "s3:DeleteObject",
+ "s3:AbortMultipartUpload",
+ "s3:ListMultipartUploadParts"
 ],
 "Effect": "Allow",
 "Resource": [
@@ -231,7 +236,6 @@ In order to restrict the Elasticsearch snapshot process to the minimum required
 ],
 "Version": "2012-10-17"
 }
-
 ```
 
 You may further restrict the permissions by specifying a prefix within the bucket, in this example, named "foo".
@@ -241,7 +245,10 @@ You may further restrict the permissions by specifying a prefix within the bucke
 "Statement": [
 {
 "Action": [
- "s3:ListBucket"
+ "s3:ListBucket",
+ "s3:GetBucketLocation",
+ "s3:ListBucketMultipartUploads",
+ "s3:ListBucketVersions"
 ],
 "Condition": {
 "StringLike": {
@@ -259,7 +266,9 @@ You may further restrict the permissions by specifying a prefix within the bucke
 "Action": [
 "s3:GetObject",
 "s3:PutObject",
- "s3:DeleteObject"
+ "s3:DeleteObject",
+ "s3:AbortMultipartUpload",
+ "s3:ListMultipartUploadParts"
 ],
 "Effect": "Allow",
 "Resource": [
@@ -269,7 +278,6 @@ You may further restrict the permissions by specifying a prefix within the bucke
 ],
 "Version": "2012-10-17"
 }
-
 ```
 
 The bucket needs to exist to register a repository for snapshots. If you did not create the bucket then the repository registration will fail. If you want elasticsearch to create the bucket instead, you can add the permission to create a specific bucket like this:
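Review bot: In the prefix-restricted policy (hunk at -241), the three added bucket-level actions land in the statement that carries the `"Condition": { "StringLike": {` block, so they are only granted when that condition matches. The condition key itself is outside the hunk, but if it is `s3:prefix`, as the surrounding sentence suggests, that key is supplied on list requests and not on `s3:GetBucketLocation` (and possibly not on `s3:ListBucketMultipartUploads`), so those actions would likely remain denied and the example would not work as documented. Consider keeping only the list actions under the condition and putting the others in their own statement on the bucket ARN, for example `{ "Action": ["s3:GetBucketLocation"], "Effect": "Allow", "Resource": ["arn:aws:s3:::<your-bucket>"] }`. The statement continues past the end of the hunk, so this should be confirmed against the full policy.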