4개 답변
- 최신
- 최다 투표
- 가장 많은 댓글
0
Bucket policy should like as below:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "SSMLogging",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::SSM_account_id:root"
},
"Action": [
"s3:PutObjectAcl",
"s3:PutObject",
"s3:GetEncryptionConfiguration"
],
"Resource": [
"arn:aws:s3:::bucket_name/*",
"arn:aws:s3:::bucket_name"
]
}
]
}
IAM Policy should be as below(for systems manager):
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:PutObject",
"s3:PutObjectAcl",
"s3:GetEncryptionConfiguration"
],
"Resource": [
"arn:aws:s3:::bucket-name/*",
"arn:aws:s3:::bucket-name"
]
}
]
}
Follow this re:Post step by step.
0
Tried it out, but still doesn't seem to be working
답변함 10달 전
Please follow this re:Post step by step and let me know how it goes. Please mention the error messages if you are able to capture through cloudtrail or cloudwatch.
How did it go?
0
Had to also allow permissions due to KMS encryption, but after allowing that; was able to get the data in the bucket.
답변함 10달 전
The IAM policy goes on the EC2 service role that's configured for the maintenance window, correct?
Yes, that's correct.
Did you try it out, let me know how it works for you.
Did you try it out?