Identity and Access Management (IAM) policies determine what actions are allowed for content in your S3 bucket. We must create policies to allow CloudCannon and imgix to perform specific actions for your bucket and any object stored within it. CloudCannon requires permission to upload, edit, and preview your assets, while imgix only requires permission to read and list content from your S3 bucket in order to serve your assets.
For more information about Amazon S3 policies, please see their documentation.
In this step, you will create two policies, one for CloudCannon and one for imgix.
- Open the AWS console and navigate to IAM under Security, Identity, & Compliance section in the main menu.
- Navigate to Policies under Access management.
- Click the Create Policy button.
- Open the JSON tab of the new policy and paste the following JSON code. Make sure to replace “PlaceholderBucketName” with your S3 bucket name.
policy.json
copied
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:PutObject",
"s3:GetBucketLocation",
"s3:GetObjectAcl",
"s3:GetObject",
"s3:ListBucketMultipartUploads",
"s3:AbortMultipartUpload",
"s3:ListBucket",
"s3:PutObjectAcl",
"s3:ListMultipartUploadParts"
],
"Resource": [
"arn:aws:s3:::<PlaceholderBucketName>",
"arn:aws:s3:::<PlaceholderBucketName>/*"
]
}
]
}
- Click the Next: Tags button, then click Next again.
- Name your policy “CloudCannon Access Policy”, then click Create policy.
- Repeat steps 3 to 5 and paste the following JSON code. Make sure to replace “PlaceholderBucketName” with your S3 bucket name.
policy.json
copied
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:GetBucketLocation",
"s3:GetObject",
"s3:ListBucket"
],
"Resource": [
"arn:aws:s3:::<PlaceholderBucketName>",
"arn:aws:s3:::<PlaceholderBucketName>/*"
]
}
]
}
- Name your policy “imgix Access Policy”, then click Create policy.