For many reasons it's not wise to give root access to Amazon S3, e.g. as a safety measure against code accidentally deleting other bucket content and to avoid abuse of other AWS services if access keys are leaked. Custom access keys can be generated from the AWS IAM service, where one can specify a custom policy. I created this issue to document for everyone else too what appears to be the minimum required rights for Storage API to work.
{
  "Statement": [
    {
      "Sid": "ModifyAssets",
      "Action": [
        "s3:DeleteObject",
        "s3:DeleteObjectVersion",
        "s3:GetObject",
        "s3:GetObjectAcl",
        "s3:GetObjectVersion",
        "s3:GetObjectVersionAcl",
        "s3:PutObject",
        "s3:PutObjectAcl",
        "s3:PutObjectVersionAcl"
      ],
      "Effect": "Allow",
      "Resource": [
        "arn:aws:s3:::yourbucketname/*"
      ]
    },
    {
      "Sid": "BucketRights",
      "Action": [
        "s3:ListBucket",
        "s3:ListAllMyBuckets"
      ],
      "Effect": "Allow",
      "Resource": [
        "arn:aws:s3:::*"
      ]
    }
  ]
}
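An added example, not part of the original post or of the module: a small Python check that lists every Allow grant in a policy like the one above that reaches beyond a single bucket. The function name `audit`, the reason strings and the embedded sample are assumptions made for this illustration; it handles only `Action`/`Resource` statements (no `NotAction`, `NotResource` or conditions).

```python
import json

# Constructed input: the policy from the post, placeholder bucket name included.
POLICY = json.loads("""
{"Statement": [
  {"Sid": "ModifyAssets", "Effect": "Allow",
   "Action": ["s3:DeleteObject", "s3:DeleteObjectVersion", "s3:GetObject",
              "s3:GetObjectAcl", "s3:GetObjectVersion", "s3:GetObjectVersionAcl",
              "s3:PutObject", "s3:PutObjectAcl", "s3:PutObjectVersionAcl"],
   "Resource": ["arn:aws:s3:::yourbucketname/*"]},
  {"Sid": "BucketRights", "Effect": "Allow",
   "Action": ["s3:ListBucket", "s3:ListAllMyBuckets"],
   "Resource": ["arn:aws:s3:::*"]}
]}
""")

ACCOUNT_LEVEL = {"s3:listallmybuckets"}  # cannot be scoped to one bucket


def as_list(value):
    """IAM accepts a single value or a list for Statement, Action and Resource."""
    return list(value) if isinstance(value, list) else [value]


def audit(policy, bucket):
    """Return (sid, action, resource, reason) for each Allow grant that
    reaches beyond the single bucket `bucket`."""
    bucket_arn = f"arn:aws:s3:::{bucket}"
    findings = []
    for stmt in as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", "(no Sid)")
        for action in as_list(stmt["Action"]):
            for resource in as_list(stmt["Resource"]):
                # "bucket" or "bucket/..." only; "bucket*" would match other buckets.
                confined = resource == bucket_arn or resource.startswith(bucket_arn + "/")
                name = action.lower()
                if not name.startswith("s3:"):
                    reason = "action not limited to S3"
                elif name in ACCOUNT_LEVEL:
                    reason = "account-level action"
                elif not confined:
                    reason = "resource outside bucket"
                elif "*" in name:
                    reason = "wildcard action"
                else:
                    continue
                findings.append((sid, action, resource, reason))
    return findings
```

Calling `audit(POLICY, "yourbucketname")` reports the two `BucketRights` grants, since `arn:aws:s3:::*` covers every bucket in the account, and nothing from `ModifyAssets`.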

Comments

Category: support » task
Status: Needs review » Active

Thanks for this!

Can you update the documentation here: http://drupal.org/node/656716 ?

Status: Active » Needs review

I've added a child page on that page to describe how to control access credentials.

Status: Needs review » Fixed

Thanks very much!!

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.