S3 Gateway: Handle restricted access credentials (#7757)

2025-11-09 05:34:56 -05:00 · 2019-06-07 15:49:13 -07:00
parent 6d89435356
commit cb1566c6e6
5 changed files with 69 additions and 17 deletions
--- a/docs/gateway/s3.md
+++ b/docs/gateway/s3.md
@@ -34,6 +34,31 @@ MinIO gateway will automatically look for list of credential styles in following
 - AWS creds file (i.e. AWS_SHARED_CREDENTIALS_FILE or ~/.aws/credentials)
 - IAM profile based credentials. (performs an HTTP call to a pre-defined endpoint, only valid inside configured ec2 instances)

+Minimum permissions required if you wish to provide restricted access with your AWS credentials, please make sure you have following IAM policies attached for your AWS user or roles.
+
+```json
+{
+    "Version": "2012-10-17",
+    "Statement": [
+        {
+            "Sid": "readonly",
+            "Effect": "Allow",
+            "Action": [
+                "s3:GetObject",
+                "s3:ListBucket"
+            ],
+            "Resource": "arn:aws:s3:::testbucket"
+        },
+        {
+            "Sid": "readonly",
+            "Effect": "Allow",
+            "Action": "s3:HeadBucket",
+            "Resource": "arn:aws:s3:::testbucket"
+        }
+    ]
+}
+```
+
 ## Run MinIO Gateway for AWS S3 compatible services
 As a prerequisite to run MinIO S3 gateway on an AWS S3 compatible service, you need valid access key, secret key and service endpoint.