Minimum S3 IAM Role Actions?


(Tim) #1

Does anyone know what the minimum S3 actions are for s3 uploads to work? The Setting up file and image uploads to S3 guide says to use “s3:*”, but the infsec voice in my head tells me never to blindly allow all. Does anyone have a paired down list of permissions that Discourse requires?


(Régis Hanol) #2

That’s a good question, I’m actually not sure. I’d say these

  • s3:CreateBucket
  • s3:GetObject
  • s3:PutObject
  • s3:GetBucketPolicy
  • s3:PutBucketPolicy

(John) #3

@tim.smith I want to create an IAM user so can you verify what the minimum S3 actions are for s3 uploads to work?