S3 bucket with write only access
I want to place my backup in an S3 bucket as an IAM user with write-only permissions (without the ability to use read API calls like GetObject).
I found that your plugin uses the GetObject action while creating a backup JUST to show the URL of the sent file (a URL that does not work when the bucket is not public). When I remove GetObject access from the IAM user's permissions, your plugin is still able to successfully create and send the backup archive to the S3 bucket, but the plugin marks the whole process as failed and sends an e-mail about the error, just because it was unable to get the (not working…) URL to place in the logs.
Could you please make that API call optional? I mean: you can wrap it in something like try..catch and just safely not put any URL when it fails.
---
This is the IAM policy I want to use for the IAM user:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "VisualEditor0",
      "Effect": "Allow",
      "Action": [
        "s3:PutObject",
        "s3:ListBucketMultipartUploads",
        "s3:AbortMultipartUpload",
        "s3:ListBucket",
        "s3:GetBucketLocation"
      ],
      "Resource": [
        "arn:aws:s3:::BUCKET_NAME/*",
        "arn:aws:s3:::BUCKET_NAME"
      ]
    }
  ]
}