Navigation Menu

Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update docs for KMS IAM Permissions requirements #9618

Closed
cyberduck opened this issue Jul 3, 2016 · 1 comment
Closed

Update docs for KMS IAM Permissions requirements #9618

cyberduck opened this issue Jul 3, 2016 · 1 comment
Assignees
@dkocher
Labels
bug fixed s3 AWS S3 Protocol Implementation
Milestone
5.0.9

Comments

@cyberduck
Copy link
Collaborator

35f4c7f created the issue

Using KMS with S3 in Cyberduck, blog post etc say that IAM permissions required are kms:ListKeys.

https://trac.cyberduck.io/wiki/help/en/howto/s3

In addition though, you also need kms:ListAliases for it to populate the Encryption drop down appropriately.

i.e. an IAM Policy (in addition to the appropriate S3 permissions) of -

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "Stmt1467393289000",
            "Effect": "Allow",
            "Action": [
                "kms:ListKeys",
                "kms:ListAliases"
            ],
            "Resource": [
                "*"
            ]
        }
    ]
}
@cyberduck
Copy link
Collaborator Author

@dkocher commented

The additional permission requirement for ListAliases comes from 137d833 where we introduced alias mapping.

@iterate-ch iterate-ch locked as resolved and limited conversation to collaborators Nov 26, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@dkocher dkocher

Labels
bug fixed s3 AWS S3 Protocol Implementation
Projects
None yet
Milestone
5.0.9
Development

No branches or pull requests
2 participants
@dkocher @cyberduck