4 Answers
- Newest
- Most votes
- Most comments
0
Bucket policy should like as below:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "SSMLogging",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::SSM_account_id:root"
},
"Action": [
"s3:PutObjectAcl",
"s3:PutObject",
"s3:GetEncryptionConfiguration"
],
"Resource": [
"arn:aws:s3:::bucket_name/*",
"arn:aws:s3:::bucket_name"
]
}
]
}
IAM Policy should be as below(for systems manager):
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:PutObject",
"s3:PutObjectAcl",
"s3:GetEncryptionConfiguration"
],
"Resource": [
"arn:aws:s3:::bucket-name/*",
"arn:aws:s3:::bucket-name"
]
}
]
}
Follow this re:Post step by step.
0
Tried it out, but still doesn't seem to be working
answered 10 months ago
Please follow this re:Post step by step and let me know how it goes. Please mention the error messages if you are able to capture through cloudtrail or cloudwatch.
How did it go?
0
Had to also allow permissions due to KMS encryption, but after allowing that; was able to get the data in the bucket.
answered 10 months ago
Relevant content
- Accepted Answerasked 2 years ago
- AWS OFFICIALUpdated 3 years ago
- AWS OFFICIALUpdated 2 months ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 3 years ago
The IAM policy goes on the EC2 service role that's configured for the maintenance window, correct?
Yes, that's correct.
Did you try it out, let me know how it works for you.
Did you try it out?