- Más nuevo
- Más votos
- Más comentarios
You don't mention which database engine it is, but the example here for giving SQL Server access to S3 should by-and-large have what you need (you may need to tweak a few items for a different DB) https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/User.SQLServer.Options.S3-integration.html
You yourself will need a specific level of privileges within IAM to do that, which it doesn't seem that you have - PowerUserAccess gives you iam:CreateServiceLinkedRole, iam:DeleteServiceLinkedRole & iam:ListRoles which I don't think is enough for you to create a policy and attache to a role. You would need at least iam:CreatePolicy, iam:CreateRole, iam:AttachRolePolicy and maybe others https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsidentityandaccessmanagementiam.html
Contenido relevante
- OFICIAL DE AWSActualizada hace 2 años
- OFICIAL DE AWSActualizada hace 4 meses
- OFICIAL DE AWSActualizada hace un año
I did say it is Oracle SE RDS above. Is there a difference in the three permissions you listed for SQL? Would admin grant those directly to account and is there any security risks granting those to DBA?
Yes, my bad, I see now that you mentioned Oracle.
I haven't done that myself so I'm just going by what is in the docs, but it looks like you will need the same IAM privileges as identified for SQL https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/oracle-s3-integration.html
This goes through the same material from a slightly different viewpoint and may be of use https://aws.amazon.com/blogs/database/integrating-amazon-rds-for-oracle-with-amazon-s3/
The links you provided discuss the details for implementing S3 Integration but no mention of what IAM permissions needed. Did you see anything about permissions?
It's in my original answer
Is there a way to know what the "others" permissions could be so I can include them on the request?