IAM policies allow you to control users' access to your S3 bucket. See "What is IAM" for more information.

Minimum Policy Example

This policy is for everyday users of S-Drive who don’t need full permissions. The user that creates and manages the bucket in S-Drive needs full permissions, not the policy shown below.

To apply a limited policy to your restricted user:

  1. Sign in to the AWS Management Console and click "IAM" in the Services menu.

  2. Click "Policies" on the dashboard and then click the "Create Policy" button.

  3. Select "Create Your Own Policy" on the screen.

  4. Type a name into the "Policy Name" field. Copy the contents of the example below and paste them into the "Policy Document" area of the AWS Console. Replace every sdrivebucket reference in the policy document with your own bucket name and click "Create Policy". This policy gives your own Salesforce instance the access it needs to upload and download files.

  5. Click "Users" on the dashboard and click on your user name. Then click the "Attach Policy" button for the user that you use in S-Drive.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:*"
            ],
            "Resource": [
                "arn:aws:s3:::sdrivebucket/*"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:ListAllMyBuckets"
            ],
            "Resource": [
                "arn:aws:s3:::*"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:PutBucketCORS"
            ],
            "Resource": [
                "arn:aws:s3:::sdrivebucket"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:GetBucketLocation"
            ],
            "Resource": [
                "arn:aws:s3:::sdrivebucket"
            ]
        },
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "s3:GetBucketVersioning",
                "s3:PutBucketVersioning"
            ],
            "Resource": "arn:aws:s3:::sdrivebucket"
        }
    ]
}

Find the policy that you created in step 4 and click the "Attach Policy" button.
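Step 4 asks you to replace every sdrivebucket reference by hand. The sketch below is an added example, not part of S-Drive or AWS tooling: it renders the policy above for a given bucket name and lists every action whose resource reaches beyond that bucket. The function names and the bucket name used with it are hypothetical.

```python
import copy
import re

# The policy from this page; "sdrivebucket" is the placeholder to replace.
PLACEHOLDER = "sdrivebucket"
TEMPLATE = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["s3:*"],
         "Resource": ["arn:aws:s3:::sdrivebucket/*"]},
        {"Effect": "Allow", "Action": ["s3:ListAllMyBuckets"],
         "Resource": ["arn:aws:s3:::*"]},
        {"Effect": "Allow", "Action": ["s3:PutBucketCORS"],
         "Resource": ["arn:aws:s3:::sdrivebucket"]},
        {"Effect": "Allow", "Action": ["s3:GetBucketLocation"],
         "Resource": ["arn:aws:s3:::sdrivebucket"]},
        {"Sid": "VisualEditor0", "Effect": "Allow",
         "Action": ["s3:GetBucketVersioning", "s3:PutBucketVersioning"],
         "Resource": "arn:aws:s3:::sdrivebucket"},
    ],
}
# Basic S3 naming rules: 3-63 chars of a-z, 0-9, '.', '-', alphanumeric at both ends.
BUCKET_RE = re.compile(r"^[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]$")

def as_list(value):
    # IAM accepts either a single string or a list for Action and Resource.
    return value if isinstance(value, list) else [value]

def render_policy(bucket):
    """Return a copy of TEMPLATE with every placeholder ARN pointed at `bucket`."""
    if not BUCKET_RE.match(bucket):
        raise ValueError(f"not a valid S3 bucket name: {bucket!r}")
    policy = copy.deepcopy(TEMPLATE)
    for stmt in policy["Statement"]:
        stmt["Resource"] = [arn.replace(":::" + PLACEHOLDER, ":::" + bucket)
                            for arn in as_list(stmt["Resource"])]
    return policy

def out_of_scope(policy, bucket):
    """List (action, arn) pairs whose resource is not `bucket` or its objects."""
    allowed = {f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"}
    return [
        (action, arn)
        for stmt in policy["Statement"]
        for arn in as_list(stmt["Resource"])
        if arn not in allowed
        for action in as_list(stmt["Action"])
    ]
```

For a correctly rendered policy, out_of_scope() should report only s3:ListAllMyBuckets on arn:aws:s3:::*; any other entry means a sdrivebucket reference was missed or an ARN points at a different bucket.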