{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "iam:GetContextKeysForPrincipalPolicy",
        "iam:SimulatePrincipalPolicy"
      ],
      "Effect": "Allow",
      "Resource": [
        "arn:aws:iam::customer-aws-account-number:role/customer-role-name"
      ]
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:GetObject"
      ],
      "Resource": [
        "arn:aws:s3:::source-bucket/source-prefix/*"
      ]
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:ListBucket",
        "s3:GetBucketLocation"
      ],
      "Resource": "arn:aws:s3:::source-bucket",
      "Condition": {
        "StringLike": {
          "s3:prefix": [
            "source-prefix/*",
            "source-prefix"
          ]
        }
      }
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:PutObject",
        "s3:DeleteObject",
        "s3:GetObject"
      ],
      "Resource": [
        "arn:aws:s3:::manifest-bucket/manifest-prefix/*"
      ]
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:ListBucket",
        "s3:GetBucketLocation"
      ],
      "Resource": "arn:aws:s3:::manifest-bucket",
      "Condition": {
        "StringLike": {
          "s3:prefix": [
            "manifest-prefix/*",
            "manifest-prefix"
          ]
        }
      }
    }
  ]
}

Parameters
- customer-aws-account-number: Your AWS account number.
- customer-role-name: Your IAM role name.
- source-bucket: URI of your source bucket, which must start with "s3://".
- source-prefix: Folder in the source bucket that contains the source files.
- manifest-bucket: URI of your manifest bucket, which must start with "s3://". The manifest bucket and source bucket can be the same. In that bucket, manifest files must be in one folder (identified by manifest-prefix) and source files must be in another folder (identified by source-prefix). Neither folder can be a subdirectory of the other.
- manifest-prefix: Folder in the manifest bucket that contains the manifest files.
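
The policy template above can be filled in and checked before it is attached to the role. The following is an added example, not part of the original page or the vendor's tooling: it enforces the "s3://" and non-nested-folder rules from the parameter list, then emits the five statements. The function names, the 12-digit account check, the stripping of "s3://" to form the ARN, and the sample values are assumptions of this example.

```python
import json

def bucket_name(uri):
    # The page requires bucket URIs to start with "s3://"; S3 ARNs take the bare name.
    if not uri.startswith("s3://"):
        raise ValueError(f"bucket URI must start with s3://: {uri!r}")
    return uri[len("s3://"):].strip("/")

def inside(a, b):
    # True when folder a is b itself or lies somewhere under b.
    return a == b or a.startswith(b + "/")

def bucket_statements(bucket, prefix, object_actions):
    # Object access limited to the folder; listing limited by the s3:prefix condition.
    return [
        {"Effect": "Allow", "Action": object_actions,
         "Resource": [f"arn:aws:s3:::{bucket}/{prefix}/*"]},
        {"Effect": "Allow", "Action": ["s3:ListBucket", "s3:GetBucketLocation"],
         "Resource": f"arn:aws:s3:::{bucket}",
         "Condition": {"StringLike": {"s3:prefix": [f"{prefix}/*", prefix]}}},
    ]

def build_policy(account, role, source_uri, source_prefix, manifest_uri, manifest_prefix):
    src, man = bucket_name(source_uri), bucket_name(manifest_uri)
    sp, mp = source_prefix.strip("/"), manifest_prefix.strip("/")
    if not (account.isdigit() and len(account) == 12):
        raise ValueError("AWS account number must be 12 digits")
    if not sp or not mp:
        raise ValueError("both prefixes must name a folder")  # guard added by this example
    if src == man and (inside(sp, mp) or inside(mp, sp)):
        raise ValueError("source and manifest folders must not contain each other")
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Action": ["iam:GetContextKeysForPrincipalPolicy",
                        "iam:SimulatePrincipalPolicy"],
             "Effect": "Allow",
             "Resource": [f"arn:aws:iam::{account}:role/{role}"]},
            *bucket_statements(src, sp, ["s3:GetObject"]),
            *bucket_statements(man, mp, ["s3:PutObject", "s3:DeleteObject", "s3:GetObject"]),
        ],
    }

if __name__ == "__main__":
    # Constructed sample values, not taken from the page.
    print(json.dumps(build_policy("123456789012", "example-role", "s3://example-data",
                                  "incoming", "s3://example-data", "manifests"), indent=2))
```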