Added IAM screenshots to S3 readme (#80)

capillariesio · Dec 31, 2024 · 46c5e3c · 46c5e3c
1 parent 2435876
commit 46c5e3c
Show file tree

Hide file tree

Showing 3 changed files with 10 additions and 4 deletions.
diff --git a/doc/aws-capillaries-testbucket-permissions.png b/doc/aws-capillaries-testbucket-permissions.png
diff --git a/doc/aws-user-access-capillaries-testbucket.png b/doc/aws-user-access-capillaries-testbucket.png
diff --git a/doc/s3.md b/doc/s3.md
@@ -2,11 +2,11 @@
 
 [Integration tests suite](./testing.md#integration-tests) contains tests that use data and config files stored in AWS S3. [k8s POC](../test/k8s/README.md) also uses S3 files. You have to perform some AWS setup steps to make S3 integration tests and k8s POC work.
 
-For demo purposes, Capillaries Docker-based and k8s POC test environments use user-based permissions (see below), which may not be the preferred way of controlling access in production AWS environment. Using role assumption approach is the recommended way.
+For demo purposes, Capillaries Docker-based and k8s POC test environments use user-based permissions (see below), which may not be the preferred way of controlling access in production AWS environment. Using role assumption approach is the recommended way and [capideploy SaaS scenario](https://github.com/capillariesio/capillaries-deploy/blob/main/README.md#iam-settings---saas-scenario) follows that approach.
 
 ## Bucket capillaries-testbucket
 
-Create capillaries-testbucket (this name may be taken already, so you may be forced to use some other name, or you may want to run capillaries using your `acmme-corp-prod-files` bucket). In `Amazon S3->Buckets->capillaries-testbucket->Permissions` tab, turn `Block all public access` on.
+Create capillaries-testbucket (this name may be taken already, so you may be forced to use some other name, or you may want to run capillaries using your `acme-corp-prod-files` bucket). In `Amazon S3->Buckets->capillaries-testbucket->Permissions` tab, turn `Block all public access` on.
 
 Before running tests, make sure you have this environment variable set:
 ```
@@ -19,20 +19,24 @@ daemon/webapi/toolbelt running in our Docker/k8s tests will this IAM user creden
 
 Create IAM user `UserAccessCapillariesTestbucket`.
 
+![](./aws-user-access-capillaries-testbucket.png)
+
+No need to attach any security policy to this user (we will adjust S3 bucket permissions below so this user can access it).
+
 Create access key for it, save it to ~/UserAccessCapillariesTestbucket.rc:
 ```
 export AWS_ACCESS_KEY_ID=AK...
 export AWS_SECRET_ACCESS_KEY=...
 export AWS_DEFAULT_REGION=us-east-1
 ```
 
-Now, everytime you have to run Capillaries test Docker setup (say, docker compose) or k8s POC, make sure you have those variables set:
+Now, everytime you run Capillaries test Docker setup (say, docker compose) or k8s POC, make sure you have those variables set:
 
 ```
 source ~/UserAccessCapillariesTestbucket.rc
 ```
 
-docker-compose.yml uses those environment variables when creating containers for daemons and webapi, and k8s setup creates secrets from them.
+docker-compose.yml uses those environment variables when creating containers for daemons and webapi, and k8s POC setup creates secrets from them.
 
 ## Bucket permissions for UserAccessCapillariesTestbucket
 
@@ -65,3 +69,5 @@ In `Amazon S3->Buckets->capillaries-testbucket->Permissions->Bucket policy` spec
 	]
 }
 ```
+
+![](./aws-capillaries-testbucket-permissions.png)