IAM Roles - Access Module

Teradata® Tools and Utilities Access Module Reference

Product: Access Module
Release Number: 16.20
Published: November 2020
Language: English (United States)
Last Update: 2020-11-18
Product Category: Teradata Tools and Utilities

IAM roles are an AWS-specific feature that allows jobs running on an AWS EC2 instance to perform operations without an explicit (and exposed) Key ID and Secret Key. Using a role also simplifies credentials management, because the permission granted to a node can be revoked at any time without having to change the Key ID or Secret Key. Many customers prefer IAM roles to explicit IDs and Keys. IAM roles can be managed from the AWS Web Console.

The IAM roles needed to support the TPT-S3 connector must have at least these permissions:
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:ListAllMyBuckets",
                "s3:GetBucketLocation"
            ],
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:ListBucket",
                "s3:GetObject",
                "s3:PutObject",
                "s3:DeleteObject"
            ],
            "Resource": [
                "arn:aws:s3:::your_bucket_name_here",
                "arn:aws:s3:::your_bucket_name_here/*"
            ]
        }
    ]
}
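
The following is an added example, not part of the Teradata documentation: a Python lint that checks whether a role's policy document grants the minimum permissions listed above for a given bucket, and flags grants wider than that minimum. The function names and the `example-bucket` name are assumptions made for illustration; the check reads only Allow statements.

```python
import json
from fnmatch import fnmatchcase

# Minimum actions from the policy on this page, keyed by the resource scope each needs.
ACCOUNT_ACTIONS = {"s3:ListAllMyBuckets", "s3:GetBucketLocation"}     # Resource "*"
BUCKET_ACTIONS = {"s3:ListBucket"}                                    # the bucket ARN
OBJECT_ACTIONS = {"s3:GetObject", "s3:PutObject", "s3:DeleteObject"}  # bucket ARN + "/*"

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _covers(grant, need):
    # IAM action names are case-insensitive; resource ARNs are case-sensitive.
    return (fnmatchcase(need[0].lower(), grant[0].lower())
            and fnmatchcase(need[1], grant[1]))

def check_policy(policy, bucket):
    """Return (missing, overbroad) lists of (action, resource) pairs.

    Simplified: reads only Allow statements and ignores Deny, NotAction,
    NotResource and Condition, so it is a lint, not an authorization decision.
    """
    arn = f"arn:aws:s3:::{bucket}"
    needed = ({(a, "*") for a in ACCOUNT_ACTIONS}
              | {(a, arn) for a in BUCKET_ACTIONS}
              | {(a, arn + "/*") for a in OBJECT_ACTIONS})
    grants = {(a, r)
              for s in _as_list(policy.get("Statement", []))
              if s.get("Effect") == "Allow"
              for a in _as_list(s.get("Action", []))
              for r in _as_list(s.get("Resource", []))}
    missing = sorted(n for n in needed if not any(_covers(g, n) for g in grants))
    # Wider than the page's minimum: wildcard actions, or bucket/object
    # actions granted on every resource instead of the named bucket.
    account_lc = {a.lower() for a in ACCOUNT_ACTIONS}
    overbroad = sorted(g for g in grants
                       if "*" in g[0] or (g[1] == "*" and g[0].lower() not in account_lc))
    return missing, overbroad

# Constructed sample: grants object access on "*" and omits s3:DeleteObject.
SAMPLE = json.loads("""{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Action": ["s3:ListAllMyBuckets", "s3:GetBucketLocation"], "Resource": "*"},
  {"Effect": "Allow", "Action": ["s3:GetObject", "s3:PutObject"], "Resource": "*"},
  {"Effect": "Allow", "Action": "s3:ListBucket", "Resource": "arn:aws:s3:::example-bucket"}]}""")

if __name__ == "__main__":
    missing, overbroad = check_policy(SAMPLE, "example-bucket")
    print("missing:", missing)
    print("overbroad:", overbroad)
```
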