On 12.04.2024 20:54, Wesley Dillingham wrote:
> Did you actually get this working? I am trying to replicate your steps but
> am not being successful doing this with multi-tenant.

This is what we are using; the second statement is so that the bucket owner
will have access to the object that the user is uploading.
s3-policy.json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": [
          "arn:aws:iam:::<tenant>:user/<user>"
        ]
      },
      "Action": [
        "s3:ListBucket",
        "s3:GetObject",
        "s3:PutObject"
      ],
      "Resource": [
        "arn:aws:s3:::<bucket-name>/*",
        "arn:aws:s3:::<bucket-name>"
      ]
    },
    {
      "Sid": "owner_full_access",
      "Effect": "Allow",
      "Principal": {
        "AWS": [
          "arn:aws:iam:::<owners-tenant>:user/<owner-user>"
        ]
      },
      "Action": "s3:*",
      "Resource": "arn:aws:s3:::*"
    }
  ]
}
And then run
s3cmd setpolicy s3-policy.json s3://<bucket-name>
--
Kai Stian Olstad
_______________________________________________
ceph-users mailing list -- ceph-users@xxxxxxx
To unsubscribe send an email to ceph-users-leave@xxxxxxx
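
Added example, not part of the original message or of Ceph: a Python script that renders the two-statement policy from the message for one bucket and lists any Resource entries that reach beyond that bucket, such as the `arn:aws:s3:::*` in the owner statement. The tenant, user and bucket names are constructed sample values and the function names are hypothetical.

```python
import json

# Constructed sample values (not from the post); the ARN shape is copied from it.
BUCKET = "example-bucket"
UPLOADER = "arn:aws:iam:::tenant-a:user/uploader"
OWNER = "arn:aws:iam:::tenant-b:user/owner"


def build_policy(bucket, uploader_arn, owner_arn, owner_resources="arn:aws:s3:::*"):
    """Render the post's two-statement policy for one bucket."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Principal": {"AWS": [uploader_arn]},
                "Action": ["s3:ListBucket", "s3:GetObject", "s3:PutObject"],
                "Resource": [f"arn:aws:s3:::{bucket}/*", f"arn:aws:s3:::{bucket}"],
            },
            {
                "Sid": "owner_full_access",
                "Effect": "Allow",
                "Principal": {"AWS": [owner_arn]},
                "Action": "s3:*",
                "Resource": owner_resources,
            },
        ],
    }


def out_of_scope_resources(policy, bucket):
    """Return (statement label, resource) pairs that are not confined to `bucket`."""
    bucket_arn = f"arn:aws:s3:::{bucket}"
    findings = []
    for i, stmt in enumerate(policy["Statement"]):
        label = stmt.get("Sid", f"statement[{i}]")
        resources = stmt["Resource"]
        # The policy grammar allows a single string or a list of strings.
        for res in (resources if isinstance(resources, list) else [resources]):
            if res != bucket_arn and not res.startswith(bucket_arn + "/"):
                findings.append((label, res))
    return findings


if __name__ == "__main__":
    policy = build_policy(BUCKET, UPLOADER, OWNER)
    print(json.dumps(policy, indent=2))
    for label, res in out_of_scope_resources(policy, BUCKET):
        print(f"{label}: Resource {res} is not limited to bucket {BUCKET}")
```

Passing the bucket's own two ARNs as `owner_resources` yields a policy with no findings, which can then be saved to `s3-policy.json` and applied with the `s3cmd setpolicy` command from the message.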