To enable integration of Amazon's (AWS) S3 documents with ForeFlight, the (Identity and Access Management) IAM policy must grant specific permissions. Below are the two options for configuring these permissions:
OPTION 1: Using ListAllMyBuckets
If the IAM policy action is set to ListAllMyBuckets
, then the policy should look like this:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "BucketLevelPermissions",
"Effect": "Allow",
"Action": [
"s3:ListAllMyBuckets"
],
"Resource": "*"
},
{
"Sid": "ObjectLevelPermissions",
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:GetBucketLocation",
"s3:GetObject",
"s3:GetObjectVersion",
"s3:GetBucketAcl"
],
"Resource": [
"arn:aws:s3:::<foreflight_bucket_name>",
"arn:aws:s3:::foreflight_bucket_name>/*"
]
}
]
}
OPTION 2: Using ListBucket
If the IAM policy action is set to
ListBucket
, then the policy should look like this:{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "BucketLevelPermissions",
"Effect": "Allow",
"Action": "s3:ListBucket",
"Resource": "arn:aws:s3:::<foreflight_bucket_name>"
},
{
"Sid": "ObjectLevelPermissions",
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:GetBucketLocation",
"s3:GetObject",
"s3:GetObjectVersion",
"s3:GetBucketAcl"
],
"Resource": [
"arn:aws:s3:::<foreflight_bucket_name>",
"arn:aws:s3:::<foreflight_bucket_name>/*"
]
}
]
}
Last Updated:
Was this article helpful?