Notes from a bit of casual digging.
It started when I had to copy objects between S3 buckets and went to create an IAM Role for that.
AbortMultipartUpload CreateBucket DeleteBucket DeleteBucketPolicy DeleteBucketWebsite DeleteObject DeleteObjectVersion GetBucketAcl GetBucketCORS GetBucketLocation GetBucketLogging GetBucketNotification GetBucketPolicy GetBucketRequestPayment GetBucketTagging GetBucketVersioning GetLifecycleConfiguration GetObject GetObjectAcl GetObjectTorrent GetObjectVersion GetObjectVersionAcl ListAllMyBuckets ListBucket ListBucketMultipartUploads ListBucketVersions ListMultipartUploadParts PutBucketAcl PutBucketCORS PutBucketLogging PutBucketNotification PutBucketPolicy PutBucketRequestPayment PutBucketTagging PutBucketVersioning PutBucketWebsite PutLifecycleConfiguration PutObject PutObjectAcl PutObjectVersionAcl RestoreObject
The policy I attached to the IAM Role looks like this (the trailing comma after the last Resource entry, which IAM rejects, has been removed):
{
  "Statement": [
    {
      "Sid": "Stmt1372991945001",
      "Action": [
        "s3:GetObject",
        "s3:GetBucketLocation",
        "s3:ListAllMyBuckets",
        "s3:ListBucket",
        "s3:PutObject"
      ],
      "Effect": "Allow",
      "Resource": [
        "arn:aws:s3:::コピー元バケット",
        "arn:aws:s3:::コピー元バケット/*",
        "arn:aws:s3:::コピー先バケット",
        "arn:aws:s3:::コピー先バケット/*"
      ]
    }
  ]
}
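As an added example (not from the original post), a small Python check of the resource shapes in a policy like the one above: s3:ListAllMyBuckets is account-level and only matches Resource "*", object actions need <bucket>/*, and bucket actions need the bare bucket ARN. It also builds a one-way copy variant that grants write access only on the destination; bucket names are constructed placeholders.

```python
import json

# Constructed subsets of the S3 action list; object actions act on keys,
# bucket actions act on the bucket itself.
OBJECT_ACTIONS = {"s3:GetObject", "s3:PutObject", "s3:DeleteObject",
                  "s3:GetObjectAcl", "s3:PutObjectAcl", "s3:AbortMultipartUpload"}
BUCKET_ACTIONS = {"s3:ListBucket", "s3:GetBucketLocation", "s3:GetBucketPolicy",
                  "s3:PutBucketPolicy", "s3:ListBucketMultipartUploads"}


def build_copy_policy(src: str, dst: str) -> dict:
    """One-way copy: read on src, write on dst, nothing else."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            # ListAllMyBuckets is account-scoped: only Resource "*" matches it.
            {"Sid": "ListBuckets", "Effect": "Allow",
             "Action": ["s3:ListAllMyBuckets"], "Resource": "*"},
            {"Sid": "ReadSource", "Effect": "Allow",
             "Action": ["s3:ListBucket", "s3:GetBucketLocation", "s3:GetObject"],
             "Resource": [f"arn:aws:s3:::{src}", f"arn:aws:s3:::{src}/*"]},
            {"Sid": "WriteDestination", "Effect": "Allow",
             "Action": ["s3:PutObject"], "Resource": [f"arn:aws:s3:::{dst}/*"]},
        ],
    }


def _as_list(v):
    return v if isinstance(v, list) else [v]


def lint_policy(policy: dict) -> list:
    """Return findings for actions that no listed Resource can match.
    An empty list means every action has a resource of the right shape."""
    findings = []
    for stmt in policy["Statement"]:
        sid = stmt.get("Sid", "?")
        res = _as_list(stmt["Resource"])
        has_any = "*" in res
        has_bucket = has_any or any(
            r.startswith("arn:aws:s3:::") and not r.endswith("/*") for r in res)
        has_object = has_any or any(r.endswith("/*") for r in res)
        for act in _as_list(stmt["Action"]):
            if act == "s3:ListAllMyBuckets" and not has_any:
                findings.append(f'{sid}: {act} needs Resource "*", not a bucket ARN')
            elif act in OBJECT_ACTIONS and not has_object:
                findings.append(f"{sid}: {act} needs an object ARN (<bucket>/*)")
            elif act in BUCKET_ACTIONS and not has_bucket:
                findings.append(f"{sid}: {act} needs a bucket ARN, not <bucket>/*")
    return findings


if __name__ == "__main__":
    print(json.dumps(build_copy_policy("source-bucket", "destination-bucket"), indent=2))
```

Run against the post's policy, the lint reports that s3:ListAllMyBuckets will not be granted by the bucket ARNs listed there.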