This is an automated email from the ASF dual-hosted git repository.
acosentino pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/camel.git
The following commit(s) were added to refs/heads/main by this push:
new 442bb18554a Camel-AWS components: Providing minimum permissions
documentation for services - S3 Producer (#15277)
442bb18554a is described below
commit 442bb18554a08087e4f24723462c169d8225d3e9
Author: Andrea Cosentino <[email protected]>
AuthorDate: Thu Aug 22 15:17:18 2024 +0200
Camel-AWS components: Providing minimum permissions documentation for
services - S3 Producer (#15277)
Signed-off-by: Andrea Cosentino <[email protected]>
---
.../src/main/docs/aws2-s3-component.adoc | 49 ++++++++++++++++++++++
1 file changed, 49 insertions(+)
diff --git
a/components/camel-aws/camel-aws2-s3/src/main/docs/aws2-s3-component.adoc
b/components/camel-aws/camel-aws2-s3/src/main/docs/aws2-s3-component.adoc
index 55547075609..7caaad02030 100644
--- a/components/camel-aws/camel-aws2-s3/src/main/docs/aws2-s3-component.adoc
+++ b/components/camel-aws/camel-aws2-s3/src/main/docs/aws2-s3-component.adoc
@@ -307,6 +307,55 @@ Parameters (`accessKey`, `secretKey` and `region`) are
mandatory for this operat
NOTE: If checksum validations are enabled, the url will no longer be browser
compatible because it adds a signed header that must be included in the HTTP
request.
+=== AWS S3 Producer minimum permissions
+
+For making the producer work, you'll need at least PutObject and ListBuckets
permissions. The following policy will be enough:
+
+[source,json]
+--------------------------------------------------------------------------------
+{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Effect": "Allow",
+ "Action": "s3:PutObject",
+ "Resource": "arn:aws:s3:::*/*"
+ },
+ {
+ "Effect": "Allow",
+ "Action": "s3:ListBucket",
+ "Resource": "arn:aws:s3:::*"
+ }
+ ]
+}
+--------------------------------------------------------------------------------
+
+A variation to the minimum permissions is related to the usage of Bucket
autocreation. In that case the permissions will need to be increased with
CreateBucket permission
+
+[source,json]
+--------------------------------------------------------------------------------
+{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Effect": "Allow",
+ "Action": "s3:PutObject",
+ "Resource": "arn:aws:s3:::*/*"
+ },
+ {
+ "Effect": "Allow",
+ "Action": "s3:ListBucket",
+ "Resource": "arn:aws:s3:::*"
+ },
+ {
+ "Effect": "Allow",
+ "Action": "s3:CreateBucket",
+ "Resource": "arn:aws:s3:::*"
+ }
+ ]
+}
+--------------------------------------------------------------------------------
+
=== Streaming Upload mode
With the stream mode enabled, users will be able to upload data to S3 without
knowing ahead of time the dimension of the data, by leveraging multipart upload.
