show a policy doc for `ec2-upload-bundle`

This commit is contained in:
Matthew Hooker 2018-01-25 15:22:34 -08:00
parent 48105e74bd
commit a4518f8ac8
No known key found for this signature in database
GPG Key ID: 7B5F933D9CE8C6A1
1 changed files with 24 additions and 2 deletions

View File

@ -485,5 +485,27 @@ Additionally, `{{.Token}}` is available when overriding this command. You must
create your own bundle command with the addition of `-t {{.Token}} ` if you are create your own bundle command with the addition of `-t {{.Token}} ` if you are
assuming a role. assuming a role.
~> **Note:** If using IAM roles to run `ec2-upload-bundle`, make sure the #### Bundle Upload Permissions
role has the `s3:GetBucketLocation` and `s3:PutObjectAcl` permissions.
The `ec2-upload-bundle` requires a policy document that looks something like this:
```json
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:PutObject",
"s3:GetObject",
"s3:ListBucket",
"s3:GetBucketLocation",
"s3:PutObjectAcl"
],
"Resource": "*"
}
]
}
```
You may wish to constrain the resource to a specific bucket.