Cloud permissions

Before you configure a cloud-native object store for your organization, you need to understand the permissions it requires. The following outlines the minimum permissions needed to configure and use a cloud-native object store with your ArcGIS Enterprise on Kubernetes organization in Amazon Web Services (AWS).

AWS IAM permissions

Amazon Identity and Access Management (IAM) controls access to AWS resources. The following sample JSON snippet shows the IAM policy required to configure and use Amazon Simple Storage Service (S3) as the deployment's object store.

Your IAM user or role requires the following IAM policy, at minimum:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:PutObject",
                "s3:GetObject",
                "s3:ListBucket",
                "s3:DeleteObject",
                "s3:GetLifecycleConfiguration",
                "s3:PutLifecycleConfiguration",
                "s3:ListMultipartUploadParts",
                "s3:GetBucketLocation"
            ],
            "Resource": [
                "arn:aws:s3:::<bucket_name>/*",
                "arn:aws:s3:::<bucket_name>"
            ]
        }
    ]
}

Replace the values inside the angle brackets (<>) with values specific to your deployment.

2012-10-17 is the version of the policy document format shown here. If you change this version date, the document format may need to change.
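
One way to check an existing identity policy against the minimum above, as an added example that is not part of the ArcGIS Enterprise documentation: it groups the eight actions by the ARN each one applies to (bucket or object) and reports required grants that are missing, plus resources or wildcard actions that differ from the policy shown. The function names, the bucket name example-bucket and the sample policies are assumptions constructed for illustration.

```python
import json
import re

# Minimum actions from the policy above, grouped by the S3 resource type each
# one applies to: the bucket ARN or the object ARN (<bucket>/*).
BUCKET_ACTIONS = {"s3:ListBucket", "s3:GetBucketLocation",
                  "s3:GetLifecycleConfiguration", "s3:PutLifecycleConfiguration"}
OBJECT_ACTIONS = {"s3:PutObject", "s3:GetObject", "s3:DeleteObject",
                  "s3:ListMultipartUploadParts"}

def _as_list(value):
    return value if isinstance(value, list) else [value]  # IAM allows str or list

def _matches(pattern, value, ignore_case=False):
    # IAM wildcards: * matches any run of characters, ? matches exactly one.
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, value, re.I if ignore_case else 0) is not None

def audit_policy(policy_json, bucket):
    """Return (missing, deviations) for an identity policy and one bucket."""
    bucket_arn = f"arn:aws:s3:::{bucket}"
    targets = {bucket_arn: BUCKET_ACTIONS, f"{bucket_arn}/*": OBJECT_ACTIONS}
    granted, deviations = set(), []
    for stmt in _as_list(json.loads(policy_json)["Statement"]):
        if stmt.get("Effect") != "Allow" or not {"Action", "Resource"} <= stmt.keys():
            continue  # Deny, NotAction and NotResource are not evaluated here
        actions = _as_list(stmt["Action"])
        for res in _as_list(stmt["Resource"]):
            if res not in targets:
                deviations.append(("Resource", res))  # not one of the two ARNs above
            for arn, required in targets.items():
                if _matches(res, arn):
                    granted |= {(arn, need) for need in required
                                if any(_matches(a, need, True) for a in actions)}
        deviations += [("Action", a) for a in actions if "*" in a or "?" in a]
    missing = sorted((arn, need) for arn, required in targets.items()
                     for need in required if (arn, need) not in granted)
    return missing, deviations

def sample_policy(actions, resources):  # constructed single-statement policy
    return json.dumps({"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": actions, "Resource": resources}]})

if __name__ == "__main__":
    arn = "arn:aws:s3:::example-bucket"  # constructed bucket name
    everything = sorted(BUCKET_ACTIONS | OBJECT_ACTIONS)
    print(audit_policy(sample_policy(everything, [arn + "/*", arn]), "example-bucket"))
    print(audit_policy(sample_policy(everything, [arn + "/*"]), "example-bucket"))
    print(audit_policy(sample_policy("s3:*", "*"), "example-bucket"))
```

The second sample omits the bare bucket ARN, so the four bucket-level actions are reported as missing; the third grants everything required but is flagged for its wildcard action and resource.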

