Cross Account Bucket Access
INTEGRATION
AWS
The following S3 policy requirements are needed for Quadrant to push data into your S3 bucket.
- GetBucketLocation: Required to know the bucket RegionListBucketRequired for the folders we are uploading data to verify that we are not overwriting an existing object.
- GetObject: Required together with s3:ListBucket to verify that a file does not exist in the target destination.
- PutObject: Required for Uploading data files
Example Policy
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "Quadrant’s S3 Access",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::625460199338:root"
},
"Action": [
"s3:GetObject",
"s3:ListBucket",
"s3:PutObject",
"s3:GetBucketLocation"
],
"Resource": [
"arn:aws:s3:::<your-s3-bucket>",
"arn:aws:s3:::<your-s3-bucket>/*"
]
}
]
}