Merge pull request #1590 from RichardScothern/s3-permission-scopes

Document required IAM permissions for S3 storage driver.
Richard Scothern 2016-04-06 14:46:12 -07:00
commit 55f1b7651f

@ -187,6 +187,35 @@ An implementation of the `storagedriver.StorageDriver` interface which uses Amaz
`storageclass`: (optional) The storage class applied to each registry file. Defaults to STANDARD. Valid options are STANDARD and REDUCED_REDUNDANCY. `storageclass`: (optional) The storage class applied to each registry file. Defaults to STANDARD. Valid options are STANDARD and REDUCED_REDUNDANCY.
## S3 permission scopes
The following IAM permissions are required by the registry for push and pull. See [the S3 policy documentation](http://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html) for more details.
```
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:GetBucketLocation",
"s3:ListBucketMultipartUploads",
],
"Resource": "arn:aws:s3:::mybucket"
},
{
"Effect": "Allow",
"Action": [
"s3:PutObject",
"s3:GetObject",
"s3:DeleteObject",
"s3:ListMultipartUploadParts",
"s3:AbortMultipartUpload"
],
"Resource": "arn:aws:s3:::mybucket/*"
}
]
```
# CloudFront as Middleware with S3 backend # CloudFront as Middleware with S3 backend
## Use Case ## Use Case
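Review bot: the first statement's Action list ends with a trailing comma after "s3:ListBucketMultipartUploads", so the snippet is not valid JSON and a policy pasted from it will be rejected; drop that comma. The block also starts at "Statement": with no enclosing object, so either wrap it in a complete policy document or say in the sentence above that it is a fragment to be placed inside one. It would also help to state that "mybucket" in both Resource ARNs is a placeholder for the bucket configured for the driver, since the bucket-level and object-level ARNs must both be changed for the permissions to stay scoped to a single bucket.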