AWS Storage Gateway User Guide
Adding a File Share
You can create the role and access policy yourself, or your file gateway can create them for you. If your
file gateway creates the policy for you, the policy contains a list of S3 actions. For information about
roles and permissions, see Creating a Role to Delegate Permissions to an AWS Service in the IAM User
Guide.
The following example is a trust policy that allows your file gateway to assume an IAM role.
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "",
            "Effect": "Allow",
            "Principal": {
                "Service": "storagegateway.amazonaws.com"
            },
            "Action": "sts:AssumeRole"
        }
    ]
}
If you don’t want your file gateway to create a policy on your behalf, you create your own policy and
attach it to your file share. For more information about how to do this, see Creating a File Share (p. 42).
The following example policy allows your file gateway to perform all the Amazon S3 actions listed in
the policy. The first part of the statement allows all the actions listed to be performed on the S3 bucket
named TestBucket. The second part allows the listed actions on all objects in TestBucket.
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": [
                "s3:GetAccelerateConfiguration",
                "s3:GetBucketLocation",
                "s3:GetBucketVersioning",
                "s3:ListBucket",
                "s3:ListBucketVersions",
                "s3:ListBucketMultipartUploads"
            ],
            "Resource": "arn:aws:s3:::TestBucket",
            "Effect": "Allow"
        },
        {
            "Action": [
                "s3:AbortMultipartUpload",
                "s3:DeleteObject",
                "s3:DeleteObjectVersion",
                "s3:GetObject",
                "s3:GetObjectAcl",
                "s3:GetObjectVersion",
                "s3:ListMultipartUploadParts",
                "s3:PutObject",
                "s3:PutObjectAcl"
            ],
            "Resource": "arn:aws:s3:::TestBucket/*",
            "Effect": "Allow"
        }
    ]
}
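If you write your own policy, the split described above (bucket-level actions on the bucket ARN, object-level actions on TestBucket/*) can be checked mechanically before the policy is attached. The following Python is an added example, not part of the AWS guide: the function name audit_gateway_policy and the over-broad sample policy are constructed for illustration, and action names are compared with exact case.

```python
import json

# Action-to-resource split copied from the example policy on this page.
BUCKET_ACTIONS = {
    "s3:GetAccelerateConfiguration", "s3:GetBucketLocation",
    "s3:GetBucketVersioning", "s3:ListBucket", "s3:ListBucketVersions",
    "s3:ListBucketMultipartUploads",
}
OBJECT_ACTIONS = {
    "s3:AbortMultipartUpload", "s3:DeleteObject", "s3:DeleteObjectVersion",
    "s3:GetObject", "s3:GetObjectAcl", "s3:GetObjectVersion",
    "s3:ListMultipartUploadParts", "s3:PutObject", "s3:PutObjectAcl",
}

def as_list(value):
    """IAM accepts either a single value or a list for these fields."""
    return list(value) if isinstance(value, list) else [value]

def audit_gateway_policy(policy_json, bucket):
    """Return findings where an Allow statement departs from the page's layout."""
    bucket_arn = f"arn:aws:s3:::{bucket}"
    findings = []
    for idx, stmt in enumerate(as_list(json.loads(policy_json)["Statement"])):
        if stmt.get("Effect") != "Allow":
            continue
        resources = as_list(stmt.get("Resource", []))
        for action in as_list(stmt.get("Action", [])):
            if action in BUCKET_ACTIONS:
                expected = bucket_arn
            elif action in OBJECT_ACTIONS:
                expected = bucket_arn + "/*"
            else:  # wildcards such as s3:* land here too
                findings.append(f"statement {idx}: unexpected action {action}")
                continue
            for res in resources:
                if res != expected:
                    findings.append(
                        f"statement {idx}: {action} on {res}, expected {expected}")
    return findings

# Constructed sample: an over-broad variant of the page's policy.
SAMPLE = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["s3:ListBucket", "s3:*"],
     "Resource": "arn:aws:s3:::TestBucket"},
    {"Effect": "Allow", "Action": "s3:GetObject", "Resource": "*"},
]})

if __name__ == "__main__":
    print("\n".join(audit_gateway_policy(SAMPLE, "TestBucket")))
```

An empty result means every Allow statement uses only the actions listed on this page, each scoped to the bucket or to its objects as in the example.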
API Version 2013-06-30