This is an automated email from the ASF dual-hosted git repository. acosentino pushed a commit to branch s3-producer-ops-minimum-permissions in repository https://gitbox.apache.org/repos/asf/camel.git
commit e79ed6b92eeea4632822e2e7b0a898aff48ff249 Author: Andrea Cosentino <[email protected]> AuthorDate: Thu Aug 22 15:15:11 2024 +0200 Camel-AWS components: Providing minimum permissions documentation for services - S3 Producer Signed-off-by: Andrea Cosentino <[email protected]> --- .../src/main/docs/aws2-s3-component.adoc | 49 ++++++++++++++++++++++ 1 file changed, 49 insertions(+) diff --git a/components/camel-aws/camel-aws2-s3/src/main/docs/aws2-s3-component.adoc b/components/camel-aws/camel-aws2-s3/src/main/docs/aws2-s3-component.adoc index 55547075609..7caaad02030 100644 --- a/components/camel-aws/camel-aws2-s3/src/main/docs/aws2-s3-component.adoc +++ b/components/camel-aws/camel-aws2-s3/src/main/docs/aws2-s3-component.adoc @@ -307,6 +307,55 @@ Parameters (`accessKey`, `secretKey` and `region`) are mandatory for this operat NOTE: If checksum validations are enabled, the url will no longer be browser compatible because it adds a signed header that must be included in the HTTP request. +=== AWS S3 Producer minimum permissions + +For making the producer work, you'll need at least PutObject and ListBuckets permissions. The following policy will be enough: + +[source,json] +-------------------------------------------------------------------------------- +{ + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Action": "s3:PutObject", + "Resource": "arn:aws:s3:::*/*" + }, + { + "Effect": "Allow", + "Action": "s3:ListBucket", + "Resource": "arn:aws:s3:::*" + } + ] +} +-------------------------------------------------------------------------------- + +A variation to the minimum permissions is related to the usage of Bucket autocreation. In that case the permissions will need to be increased with CreateBucket permission + +[source,json] +-------------------------------------------------------------------------------- +{ + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Action": "s3:PutObject", + "Resource": "arn:aws:s3:::*/*" + }, + { + "Effect": "Allow", + "Action": "s3:ListBucket", + "Resource": "arn:aws:s3:::*" + }, + { + "Effect": "Allow", + "Action": "s3:CreateBucket", + "Resource": "arn:aws:s3:::*" + } + ] +} +-------------------------------------------------------------------------------- + === Streaming Upload mode With the stream mode enabled, users will be able to upload data to S3 without knowing ahead of time the dimension of the data, by leveraging multipart upload.
