4 Risposte
- Più recenti
- Maggior numero di voti
- Maggior numero di commenti
0
Bucket policy should like as below:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "SSMLogging",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::SSM_account_id:root"
},
"Action": [
"s3:PutObjectAcl",
"s3:PutObject",
"s3:GetEncryptionConfiguration"
],
"Resource": [
"arn:aws:s3:::bucket_name/*",
"arn:aws:s3:::bucket_name"
]
}
]
}
IAM Policy should be as below(for systems manager):
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:PutObject",
"s3:PutObjectAcl",
"s3:GetEncryptionConfiguration"
],
"Resource": [
"arn:aws:s3:::bucket-name/*",
"arn:aws:s3:::bucket-name"
]
}
]
}
Follow this re:Post step by step.
0
Tried it out, but still doesn't seem to be working
con risposta 10 mesi fa
Please follow this re:Post step by step and let me know how it goes. Please mention the error messages if you are able to capture through cloudtrail or cloudwatch.
How did it go?
0
Had to also allow permissions due to KMS encryption, but after allowing that; was able to get the data in the bucket.
con risposta 10 mesi fa
Contenuto pertinente
- AWS UFFICIALEAggiornata 2 anni fa
- AWS UFFICIALEAggiornata un anno fa
- AWS UFFICIALEAggiornata 2 anni fa
- AWS UFFICIALEAggiornata 3 anni fa
The IAM policy goes on the EC2 service role that's configured for the maintenance window, correct?
Yes, that's correct.
Did you try it out, let me know how it works for you.
Did you try it out?