Opened on Jul 3, 2016 at 1:18:59 PM
Closed on Jul 3, 2016 at 4:14:26 PM
Last modified on Jul 19, 2016 at 9:20:27 AM
#9618 closed defect (fixed)
Update docs for KMS IAM Permissions requirements
Reported by: | seymours | Owned by: | dkocher |
---|---|---|---|
Priority: | normal | Milestone: | 5.0.9 |
Component: | s3 | Version: | Nightly Build |
Severity: | normal | Keywords: | s3 kms |
Cc: | Architecture: | Intel | |
Platform: | Mac OS X 10.11 |
Description
Using KMS with S3 in Cyberduck, blog post etc say that IAM permissions required are kms:ListKeys.
https://trac.cyberduck.io/wiki/help/en/howto/s3
In addition though, you also need kms:ListAliases for it to populate the Encryption drop down appropriately.
i.e. an IAM Policy (in addition to the appropriate S3 permissions) of -
{ "Version": "2012-10-17", "Statement": [ { "Sid": "Stmt1467393289000", "Effect": "Allow", "Action": [ "kms:ListKeys", "kms:ListAliases" ], "Resource": [ "*" ] } ] }
Change History (3)
comment:1 Changed on Jul 3, 2016 at 4:12:30 PM by dkocher
- Milestone set to 5.1
- Owner set to dkocher
- Status changed from new to assigned
comment:2 Changed on Jul 3, 2016 at 4:14:26 PM by dkocher
- Resolution set to fixed
- Status changed from assigned to closed
comment:3 Changed on Jul 19, 2016 at 9:20:27 AM by dkocher
- Milestone changed from 5.1 to 5.0.9
Note: See
TracTickets for help on using
tickets.
The additional permission requirement for ListAliases comes from r20826 where we introduced alias mapping.