For granting permission to the S3 bucket, create an IAM (Identity and Access Management) policy or reuse an existing one.
Creating a new IAM policy
See below for creating an IAM policy granting permission to the S3 bucket.
To create an IAM policy
- Type "IAM" in the search box of the AWS console.
- Select IAM in the search results to display the IAM dashboard.
- Select Access management > Policies in the navigation sidebar.
- In the content pane, click the name of an existing IAM policy or click Create policy to create a new one.
- Click JSON in the Specify permissions form.
Paste the following JSON code in the Policy editor field.
{"Version": "2012-10-17","Statement": [{"Effect": "Allow","Action": ["s3:GetBucketLocation","s3:GetObject","s3:ListBucket"],"Resource": ["arn:aws:s3:::$S3_BUCKET_NAME","arn:aws:s3:::$S3_BUCKET_NAME/*"]},{"Effect": "Allow","Action": ["ec2:ModifySnapshotAttribute","ec2:CopySnapshot","ec2:RegisterImage","ec2:Describe*"],"Resource": "*"}]}- In the JSON code, replace
$S3_BUCKET_NAMEwith the name of the S3 bucket selected when Creating an S3 bucket. - Click Next.
- Enter a name and an optional description for the new policy.
- Click Create policy.
Updating an existing IAM policy
See below for how to update an existing IAM policy for granting permission to the S3 bucket.
To update an IAM policy
- Type "IAM" in the search box of the AWS console.
- Select IAM in the search results to display the IAM dashboard.
- Select Access management > Policies in the navigation sidebar.
- In the content pane, click the + expand button for an existing IAM policy.
- Click Edit.
In the policy editor field, add the following code to the
Resourcearray."arn:aws:s3:::$S3_BUCKET_NAME","arn:aws:s3:::$S3_BUCKET_NAME/*"- In the code, replace
$S3_BUCKET_NAMEwith the name of the S3 bucket selected when Creating an S3 bucket. - Click Next.
- Click Save changes.