How to create an S3 assume role in the customer AWS account
Step 1: Click Create Role
Step 2: To give our Bluzone AWS account permission to access the client AWS resources, select the “Another AWS account” option, enter our Bluzone AWS account ID, and click Next.
Note: The account ID can be taken from the Bluzone UI.
Step 3: Click the Attach policy button.
Step 4: Click Create policy.
Step 5: Select the S3 service and choose the following permissions for the bucket: ListBucket, DeleteObject and PutObject. Also specify the bucket name in the resource section as below. Then click review and create.
Step 6: We can now see that the policy below is attached to the role. Click Next.
Click JSON tab to view the policy permissions in JSON format.
JSON bucket policy template:
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "s3:PutObject",
                "s3:DeleteObject",
                "s3:ListBucket"
            ],
            "Resource": [
                "arn:aws:s3:::<BucketName>",
                "arn:aws:s3:::<BucketName>/*"
            ]
        }
    ]
}
Step 7: Add tags and click Next.
Step 8: Enter the Role name, description and click Create role.
The assume role is now created, and Bluzone can access the user/client AWS account resources through the role ARN.
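Before handing over the role ARN, the two policy documents behind the role can be checked offline against what the steps above intend. The following is an added example, not part of the Bluzone instructions: the function names are hypothetical, and the bucket name example-bucket and account ID 111122223333 are constructed placeholders. It assumes the trust policy has the shape the console generates for the “Another AWS account” option (an AWS principal with sts:AssumeRole).

```python
# Actions granted in Step 5, lowercased because IAM action names are case-insensitive.
EXPECTED_ACTIONS = {"s3:putobject", "s3:deleteobject", "s3:listbucket"}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def audit_permissions(policy, bucket):
    """Findings for the role's permissions policy; an empty list means it matches the template."""
    allowed = {f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"}
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt or "NotResource" in stmt:
            findings.append(f"statement {i}: NotAction/NotResource grants by exclusion")
        for action in _as_list(stmt.get("Action", [])):
            if action.lower() not in EXPECTED_ACTIONS:
                findings.append(f"statement {i}: unexpected action {action}")
        for res in _as_list(stmt.get("Resource", [])):
            if res not in allowed:
                findings.append(f"statement {i}: resource outside bucket: {res}")
    return findings

def audit_trust(trust, account_id):
    """Findings for the trust policy from Step 2; only the given account may assume the role."""
    expected = {account_id, f"arn:aws:iam::{account_id}:root"}
    findings = []
    for i, stmt in enumerate(_as_list(trust.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        values = principal.values() if isinstance(principal, dict) else [principal]
        for p in (x for v in values for x in _as_list(v)):
            if p not in expected:
                findings.append(f"statement {i}: unexpected principal {p}")
    return findings

# Constructed sample documents; bucket name and account ID are placeholders.
TEMPLATE = {"Version": "2012-10-17", "Statement": [{"Effect": "Allow",
    "Action": ["s3:PutObject", "s3:DeleteObject", "s3:ListBucket"],
    "Resource": ["arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/*"]}]}
DRIFTED = {"Version": "2012-10-17", "Statement": [{"Effect": "Allow", "Action": "s3:*", "Resource": "*"}]}
TRUST = {"Version": "2012-10-17", "Statement": [{"Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::111122223333:root"}, "Action": "sts:AssumeRole"}]}

if __name__ == "__main__":
    for name, doc in (("template", TEMPLATE), ("drifted", DRIFTED)):
        print(name, audit_permissions(doc, "example-bucket"))
    print("trust", audit_trust(TRUST, "111122223333"))
```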