Create an IAM policy for the buckets in AWS
Learn how to create an Identity and Access Management (IAM) policy in your AWS account for the buckets.
- Log in to the AWS Management Console.
- In the search field, enter iam.
- In the drop-down list of items, hover over IAM and select Policies.
- In the Policies page, select Create Policy.
- In the Create policy page, provide the permissions for the policy:
  - Service: Select the S3 service.
  - Actions: In the Write access level, select GetObject.
  - Resources: Select Add ARN and add the Staging bucket name from Create an AWS S3 storage bucket. The object name can be any value.
  - Select Add.
- Select Add more permissions to add a permission block for the Target bucket:
  - Service: Select the S3 service.
  - Actions: In the Write access level, select DeleteObject, GetObject, and PutObject.
  - Resources: Select Add ARN and add the Target bucket name from Create an AWS S3 storage bucket.
  - Select Add.
- Select Next: Tags.
- Select Next: Review.
- In the Review Policy page, provide the policy details:
  - Name: Enter a policy name. For example: pm-doc-write.
  - Description: Enter a description for the policy.
- Select Create Policy. For more information, see the topic Creating IAM policies.
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::stagingbucketname/*"
        },
        {
            "Sid": "VisualEditor1",
            "Effect": "Allow",
            "Action": [
                "s3:PutObject",
                "s3:GetObject",
                "s3:DeleteObject"
            ],
            "Resource": "arn:aws:s3:::targetbucketname/*"
        }
    ]
}
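An added example (not part of the original page or of any AWS tooling): a Python check that a policy document grants exactly the per-bucket S3 actions selected in the steps above, and that flags a Version value IAM does not accept, wildcard actions, and resources not scoped to objects in a single bucket. The `EXPECTED` mapping and the function names are assumptions made for illustration; the bucket names are the page's placeholders.

```python
import json

# Constructed sample modelled on this page's policy (placeholder bucket names).
POLICY_JSON = """
{"Version": "2012-10-17", "Statement": [
  {"Sid": "VisualEditor0", "Effect": "Allow", "Action": "s3:GetObject",
   "Resource": "arn:aws:s3:::stagingbucketname/*"},
  {"Sid": "VisualEditor1", "Effect": "Allow", "Resource": "arn:aws:s3:::targetbucketname/*",
   "Action": ["s3:PutObject", "s3:GetObject", "s3:DeleteObject"]}]}
"""
# Assumption: the grants each bucket should receive, taken from the console steps.
EXPECTED = {
    "stagingbucketname": {"s3:GetObject"},
    "targetbucketname": {"s3:GetObject", "s3:PutObject", "s3:DeleteObject"},
}
S3_PREFIX = "arn:aws:s3:::"


def as_list(value):  # IAM accepts a single value or a list for these elements
    return value if isinstance(value, list) else [value]


def audit_policy(policy, expected=EXPECTED):
    """Return findings; an empty list means the policy grants exactly `expected`."""
    findings, granted = [], {}
    if policy.get("Version") not in ("2012-10-17", "2008-10-17"):
        findings.append(f"invalid Version {policy.get('Version')!r}")
    for stmt in as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements grant nothing
        sid = stmt.get("Sid", "<no Sid>")
        for res in as_list(stmt.get("Resource", [])):
            bucket, _, key = res[len(S3_PREFIX):].partition("/")
            if not res.startswith(S3_PREFIX) or "*" in bucket or not key:
                findings.append(f"{sid}: {res!r} is not scoped to objects in one bucket")
            for action in as_list(stmt.get("Action", [])):
                if "*" in action:
                    findings.append(f"{sid}: wildcard action {action!r}")
                granted.setdefault(bucket, set()).add(action)
    for bucket in sorted(set(granted) | set(expected)):
        have, want = granted.get(bucket, set()), expected.get(bucket, set())
        for label, diff in (("unexpected", have - want), ("missing", want - have)):
            if diff:
                findings.append(f"{bucket}: {label} {sorted(diff)}")
    return findings


if __name__ == "__main__":
    print(audit_policy(json.loads(POLICY_JSON)) or "policy matches expected grants")
```

The check compares action names literally and does not evaluate `NotAction`, `NotResource` or `Condition` elements, so a policy that uses them needs a manual review.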