AWS Snowball User Guide
Access Control
5. You return to the AWS Snowball Management Console, where Selected IAM role ARN contains the
Amazon Resource Name (ARN) for the IAM role that you just created.
6. Choose Next to finish creating your IAM role.
The preceding procedure creates an IAM role that has write permissions for the Amazon S3 buckets
that you plan to import your data into. The IAM role that is created has one of the following structures,
depending on whether it's for an import or export job.
IAM Role ARN for an Import Job
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:GetBucketLocation",
        "s3:ListBucketMultipartUploads"
      ],
      "Resource": "arn:aws:s3:::*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:GetBucketPolicy",
        "s3:PutObject",
        "s3:AbortMultipartUpload",
        "s3:ListMultipartUploadParts",
        "s3:PutObjectAcl"
      ],
      "Resource": "arn:aws:s3:::*"
    }
  ]
}
IAM Role ARN for an Export Job
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:GetBucketLocation",
        "s3:GetBucketPolicy",
        "s3:GetObject",
        "s3:ListBucket"
      ],
      "Resource": "arn:aws:s3:::*"
    }
  ]
}
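Both policies above grant their actions on arn:aws:s3:::*, which matches every S3 bucket and object rather than only the buckets in the job. The Python sketch below is an added example, not part of the AWS guide: it flags such wildcard statements and rewrites the import-job policy so that it names specific buckets. It assumes the job needs only those buckets; the function names and the bucket name example-import-bucket are hypothetical.

```python
import json

# Bucket-level actions used in the page's policies; the remaining actions
# (PutObject, GetObject, ...) act on object ARNs of the form bucket/*.
# Assumption: input policies use only the actions shown on the page.
BUCKET_LEVEL = {"s3:GetBucketLocation", "s3:GetBucketPolicy",
                "s3:ListBucket", "s3:ListBucketMultipartUploads"}

# Import-job policy as shown on the page.
IMPORT_POLICY = json.loads("""
{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow",
   "Action": ["s3:GetBucketLocation", "s3:ListBucketMultipartUploads"],
   "Resource": "arn:aws:s3:::*"},
  {"Effect": "Allow",
   "Action": ["s3:GetBucketPolicy", "s3:PutObject", "s3:AbortMultipartUpload",
              "s3:ListMultipartUploadParts", "s3:PutObjectAcl"],
   "Resource": "arn:aws:s3:::*"}]}
""")

def as_list(value):
    """IAM allows a string or a list for Action and Resource."""
    return [value] if isinstance(value, str) else list(value)

def wildcard_statements(policy):
    """Indexes of Allow statements whose Resource matches every bucket."""
    return [i for i, s in enumerate(policy["Statement"])
            if s["Effect"] == "Allow"
            and any(r in ("*", "arn:aws:s3:::*") for r in as_list(s["Resource"]))]

def scope_policy(policy, buckets):
    """Rewrite an Allow-only policy so it names only `buckets`."""
    bucket_actions, object_actions = [], []
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Allow" or "Condition" in stmt:
            raise ValueError("only plain Allow statements are handled")
        for action in as_list(stmt["Action"]):
            group = bucket_actions if action in BUCKET_LEVEL else object_actions
            if action not in group:
                group.append(action)
    scoped = []
    if bucket_actions:
        scoped.append({"Effect": "Allow", "Action": bucket_actions,
                       "Resource": [f"arn:aws:s3:::{b}" for b in buckets]})
    if object_actions:
        scoped.append({"Effect": "Allow", "Action": object_actions,
                       "Resource": [f"arn:aws:s3:::{b}/*" for b in buckets]})
    return {"Version": policy["Version"], "Statement": scoped}

if __name__ == "__main__":
    print("wildcard statements:", wildcard_statements(IMPORT_POLICY))
    # "example-import-bucket" is a hypothetical bucket name.
    print(json.dumps(scope_policy(IMPORT_POLICY, ["example-import-bucket"]), indent=2))
```

Bucket-level actions end up on the bucket ARN and object-level actions on the bucket/* ARN, so the scoped policy keeps the same actions but no longer reaches buckets outside the job.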
Access Control
As IAM resource owner, you have responsibility for access control and security for the Snowball console,
Snowball, and other assets associated with using Snowball. These assets include such things as Amazon
S3 buckets, the workstation that the data transfer goes through, and your on-premises data itself.