S3 bucket policy current example

Referring to this topic on how to set up an S3 bucket policy for Discourse:

it appears to be out of date, and missing things currently needed, such as Principal information. Is there any more current advice on what to do? I know I am asking to be spoon fed, but as one poster pointed out this is more or less black magic to most people and any help would be appreciated. I am specifically referring just to the given bucket policy example, not the entire thread.

3 Likes

I also have this issue. The s3:HeadBucket action does not exist and AWS throws a ton of errors about the policy.

I spent time learning about the policy concepts. I developed this which works, but it’s all wide open, and so needs considerable refinement. But it does allow you to get on and setup all the rest of the requirements for S3 storage for Discourse. A starting point that currently works, at least.

{
    "Version": "2012-10-17",
    "Id": "Policy1640915383804",
    "Statement": [
        {
            "Sid": "Stmt1640915382266",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:*",
            "Resource": [
                "arn:aws:s3:::xyzzy-file-uploads",
                "arn:aws:s3:::xyzzy-file-uploads/*"
            ]
        }
    ]
}
1 Like