The highlighted portion can be redone in order to limit access to an individual bucket. The buckets are referenced by an ARN. You would think that "arn:aws:s3:::SPARETIMENOTEBOOK/*" would be sufficient, but as it turns out, it is not. This is documented elsewhere, but the best description I found was here. The modified "Resource" section of the policy is shown below.
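The check below is an added example, not code or policy text from the original post. It relies on the fact that bucket-level actions such as `s3:ListBucket` are evaluated against the bucket ARN itself, while object-level actions are evaluated against the ARN ending in `/key`, so a `Resource` of only `.../*` leaves the bucket-level actions without a matching resource. The two sample policies, the action subset, and the helper names are constructed for illustration; only `Allow` statements with plain `Action`/`Resource` keys are handled, and `fnmatch` stands in for IAM's `*`/`?` wildcard matching.

```python
from fnmatch import fnmatchcase

# Assumption: a small, hand-picked subset of S3 actions, grouped by the
# resource type each one is evaluated against.
BUCKET_ACTIONS = {"s3:ListBucket", "s3:GetBucketLocation"}            # bucket ARN
OBJECT_ACTIONS = {"s3:GetObject", "s3:PutObject", "s3:DeleteObject"}  # bucket ARN + "/key"

# Constructed sample policies using the bucket name from the post.
OBJECT_ONLY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "s3:*",
                   "Resource": "arn:aws:s3:::SPARETIMENOTEBOOK/*"}],
}
BOTH_ARNS = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "s3:*",
                   "Resource": ["arn:aws:s3:::SPARETIMENOTEBOOK",
                                "arn:aws:s3:::SPARETIMENOTEBOOK/*"]}],
}

def _as_list(value):
    # Policy fields may hold a single item or a list of items.
    return [value] if isinstance(value, (str, dict)) else list(value)

def uncovered_actions(policy, bucket):
    """Return known actions the policy names but no Resource pattern covers."""
    bucket_arn = f"arn:aws:s3:::{bucket}"
    object_arn = f"{bucket_arn}/example-key"  # constructed object key
    named, usable = set(), set()
    for stmt in _as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        patterns = [p.lower() for p in _as_list(stmt["Action"])]
        resources = _as_list(stmt["Resource"])
        for action in BUCKET_ACTIONS | OBJECT_ACTIONS:
            # Action names are case-insensitive; resource ARNs are not.
            if not any(fnmatchcase(action.lower(), p) for p in patterns):
                continue
            named.add(action)
            target = bucket_arn if action in BUCKET_ACTIONS else object_arn
            if any(fnmatchcase(target, r) for r in resources):
                usable.add(action)
    return sorted(named - usable)

if __name__ == "__main__":
    print("object-only:", uncovered_actions(OBJECT_ONLY, "SPARETIMENOTEBOOK"))
    print("both ARNs:  ", uncovered_actions(BOTH_ARNS, "SPARETIMENOTEBOOK"))
```
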
After creating the role, it will appear in the list and be ready for use.
In the next entry, I will launch an EC2 instance using this role and run the test application.