4回答
- 新しい順
- 投票が多い順
- コメントが多い順
0
Bucket policy should like as below:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "SSMLogging",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::SSM_account_id:root"
},
"Action": [
"s3:PutObjectAcl",
"s3:PutObject",
"s3:GetEncryptionConfiguration"
],
"Resource": [
"arn:aws:s3:::bucket_name/*",
"arn:aws:s3:::bucket_name"
]
}
]
}
IAM Policy should be as below(for systems manager):
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:PutObject",
"s3:PutObjectAcl",
"s3:GetEncryptionConfiguration"
],
"Resource": [
"arn:aws:s3:::bucket-name/*",
"arn:aws:s3:::bucket-name"
]
}
]
}
Follow this re:Post step by step.
0
Tried it out, but still doesn't seem to be working
回答済み 10ヶ月前
Please follow this re:Post step by step and let me know how it goes. Please mention the error messages if you are able to capture through cloudtrail or cloudwatch.
How did it go?
0
Had to also allow permissions due to KMS encryption, but after allowing that; was able to get the data in the bucket.
回答済み 10ヶ月前
The IAM policy goes on the EC2 service role that's configured for the maintenance window, correct?
Yes, that's correct.
Did you try it out, let me know how it works for you.
Did you try it out?