Improve section about AWS policy

2016-12-07 01:46:12 +03:00 · 2016-12-07 01:46:12 +03:00 · ea84d17ea6
commit ea84d17ea6
parent c7dab7f374
1 changed files with 27 additions and 23 deletions
--- a/docs/storage-drivers/s3.md
+++ b/docs/storage-drivers/s3.md
@ -185,32 +185,36 @@ Amazon S3 or S3 compatible services for object storage.
 ## S3 permission scopes
-The following IAM permissions are required by the registry for push and pull.  See [the S3 policy documentation](http://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html) for more details.
+The following AWS policy is required by the registry for push and pull. Make sure to replace `S3_BUCKET_NAME` with the name of your bucket.
 ```
- "Statement": [
+{
-      {
+  "Version": "2012-10-17",
-        "Effect": "Allow",
+  "Statement": [
-        "Action": [
+    {
-          "s3:ListBucket",
+      "Effect": "Allow",
-          "s3:GetBucketLocation",
+      "Action": [
-          "s3:ListBucketMultipartUploads"
+        "s3:ListBucket",
-        ],
+        "s3:GetBucketLocation",
-        "Resource": "arn:aws:s3:::mybucket"
+        "s3:ListBucketMultipartUploads"
-      },
+      ],
-      {
+      "Resource": "arn:aws:s3:::S3_BUCKET_NAME"
-        "Effect": "Allow",
+    },
-        "Action": [
+    {
-          "s3:PutObject",
+      "Effect": "Allow",
-          "s3:GetObject",
+      "Action": [
-          "s3:DeleteObject",
+        "s3:PutObject",
-          "s3:ListMultipartUploadParts",
+        "s3:GetObject",
-          "s3:AbortMultipartUpload"
+        "s3:DeleteObject",
-        ],
+        "s3:ListMultipartUploadParts",
-        "Resource": "arn:aws:s3:::mybucket/*"
+        "s3:AbortMultipartUpload"
-      }
+      ],
-]
+      "Resource": "arn:aws:s3:::S3_BUCKET_NAME/*"
    }
  ]
 }
 ```
 See [the S3 policy documentation](http://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html) for more details.
 # CloudFront as Middleware with S3 backend