AWS Storage Gateway User Guide
Using Identity-Based Policies (IAM Policies)
{
"Sid": "AllowsAllActionsOnSpecificGateway",
"Action": [
"storagegateway:*"
],
"Effect": "Allow",
"Resource": [
"arn:aws:storagegateway:us-west-2:123456789012:gateway/gateway-id/",
"arn:aws:storagegateway:us-west-2:123456789012:gateway/gateway-id/*"
]
},
{
"Sid": "AllowsUserToUseAWSConsole",
"Action": [
"storagegateway:ListGateways"
],
"Effect": "Allow",
"Resource": "*"
}
]
}
Example 4: Allow a User to Access a Specific Volume
The following policy allows a user to perform all actions to a specific volume on a gateway. Because
a user doesn't get any permissions by default, the policy restricts the user to accessing only a specific
volume.
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "GrantsPermissionsToSpecificVolume",
"Action": [
"storagegateway:*"
],
"Effect": "Allow",
"Resource": "arn:aws:storagegateway:us-west-2:123456789012:gateway/gateway-id/
volume/volume-id"
},
{
"Sid": "GrantsPermissionsToUseStorageGatewayConsole",
"Action": [
"storagegateway:ListGateways"
],
"Effect": "Allow",
"Resource": "*"
}
]
}
The preceding policy works if the user to whom the policy is attached uses either the API or an AWS SDK
to access the volume. However, if this user is going to use the AWS Storage Gateway console, you must
also grant permissions to allow the ListGateways action, as shown in the following example:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "GrantsPermissionsToSpecificVolume",
"Action": [
"storagegateway:*"
API Version 2013-06-30
304
To Next Page
Loading...