Cyberduck
Mountain Duck
CLIOpened on Jul 3, 2016 at 1:18:59 PM
Closed on Jul 3, 2016 at 4:14:26 PM
Last modified on Jul 19, 2016 at 9:20:27 AM
#9618 closed defect (fixed)
Update docs for KMS IAM Permissions requirements
| Reported by: | seymours | Owned by: | dkocher |
|---|---|---|---|
| Priority: | normal | Milestone: | 5.0.9 |
| Component: | s3 | Version: | Nightly Build |
| Severity: | normal | Keywords: | s3 kms |
| Cc: | Architecture: | Intel | |
| Platform: | Mac OS X 10.11 |
Description
Using KMS with S3 in Cyberduck, blog post etc say that IAM permissions required are kms:ListKeys.
https://trac.cyberduck.io/wiki/help/en/howto/s3
In addition though, you also need kms:ListAliases for it to populate the Encryption drop down appropriately.
i.e. an IAM Policy (in addition to the appropriate S3 permissions) of -
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "Stmt1467393289000",
"Effect": "Allow",
"Action": [
"kms:ListKeys",
"kms:ListAliases"
],
"Resource": [
"*"
]
}
]
}
Change History (3)
comment:1 Changed on Jul 3, 2016 at 4:12:30 PM by dkocher
- Milestone set to 5.1
- Owner set to dkocher
- Status changed from new to assigned
comment:2 Changed on Jul 3, 2016 at 4:14:26 PM by dkocher
- Resolution set to fixed
- Status changed from assigned to closed
comment:3 Changed on Jul 19, 2016 at 9:20:27 AM by dkocher
- Milestone changed from 5.1 to 5.0.9
Note: See
TracTickets for help on using
tickets.
The additional permission requirement for ListAliases comes from r20826 where we introduced alias mapping.