README.md
16 additions & 1 deletion
@@ -13,7 +13,22 @@ A feature-rich Amazon S3 NGINX-based proxy, running in Docker and Kubernetes.
13
13
14
14
# Usage
15
15
16
-
Create AWS S3 access key and secret keys, allowed to download from your buckets. Bucket listing will also be served, so make sure to disable that permission if necessary.
16
+
Recommended setup is to create an AWS IAM user for each `s3-nginx-proxy` deployment. You should then attach a policy to exclusively grant it the `GetObject` permission on the required buckets, such as:
17
+
```json
18
+
{
19
+
"Version": "2012-10-17",
20
+
"Statement": [
21
+
{
22
+
"Sid": "VisualEditor0",
23
+
"Effect": "Allow",
24
+
"Action": "s3:GetObject",
25
+
"Resource": "arn:aws:s3:::thepoon.ppy.sh/*"
26
+
}
27
+
]
28
+
}
29
+
```
30
+
31
+
Granting too much permissions may lead to security risks (such as listing the entire bucket content). Be careful!
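Review bot: The example policy's `Resource` line hardcodes what looks like a real bucket name (`arn:aws:s3:::thepoon.ppy.sh/*`); a clearly marked placeholder such as `arn:aws:s3:::<your-bucket>/*` would be safer for readers to copy and keeps a specific bucket name out of the README. The removed sentence told the reader to create an access key and secret key, while the added text only mentions creating the IAM user, so consider keeping a line about generating the key pair for that user. The removed sentence also said bucket listing is served, and the new policy grants only `s3:GetObject`, so it would help to state explicitly that listing is expected not to work with this policy. `"Sid": "VisualEditor0"` is the AWS console's default name and could be dropped or replaced with something descriptive. In the last added line, "too much permissions" should read "too many permissions".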