AWS IAM (Identity and Access Managemement) Policies
IAM policies allow you to control users' access to your S3 bucket. See What is IAM for information.
Minimum Policy Example
This policy is for everyday users of S-Drive who don’t need full permissions. The user that creates and manages the bucket in S-Drive needs full permissions, not the policy shown below.
To apply a limited policy to your restricted user:
(Note: This should be done AFTER you have installed S-Drive and created a bucket. You will need the bucket name to create the policy. )
Sign in to AWS Management Console and click "IAM" from Services menu.
Click "Policies" on the dashboard and then click "Create Policy" button.
Select "Create Your Own Policy" on the screen.
Type name into "Policy Name" area. Copy contents of the below example and paste into "Policy Document" area on AWS Console. Change the sdrivebucket bucket name references in the policy document example to the name of your S-Drive bucket and click "Create Policy". The purpose of this policy is to give proper access to your own Salesforce instance to be able to upload/ download files.
Click "Users" on the dashboard and click on your user name. Then Click "Attach Policy" button on the screen for the user that you use in S-Drive.
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:*"
],
"Resource": [
"arn:aws:s3:::sdrivebucket/*"
]
},
{
"Effect": "Allow",
"Action": [
"s3:ListAllMyBuckets"
],
"Resource": [
"arn:aws:s3:::*"
]
},
{
"Effect": "Allow",
"Action": [
"s3:PutBucketCORS"
],
"Resource": [
"arn:aws:s3:::sdrivebucket"
]
},
{
"Effect": "Allow",
"Action": [
"s3:GetBucketLocation"
],
"Resource": [
"arn:aws:s3:::sdrivebucket"
]
},
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"s3:GetBucketVersioning",
"s3:PutBucketVersioning"
],
"Resource": "arn:aws:s3:::sdrivebucket"
}
]
}
Find the policy which you created in #4 and click "Attach Policy" button.