Skip to content

Backbeat Resources

Jump to bottom
Rahul Padigela edited this page Sep 25, 2017 · 1 revision

IAM Trust Policy

{
   "Version":"2012-10-17",
   "Statement":[
      {
         "Effect":"Allow",
         "Principal":{
            "Service":"backbeat"
         },
         "Action":"sts:AssumeRole"
      }
   ]
}

IAM Resource Policy to enable CRR

{
   "Version":"2012-10-17",
   "Statement":[
      {
         "Effect":"Allow",
         "Action":[
            "s3:GetObjectVersion",
            "s3:GetObjectVersionAcl"
         ],
         "Resource":[
            "arn:aws:s3:::source-bucket/*"
         ]
      },
      {
         "Effect":"Allow",
         "Action":[
            "s3:ListBucket",
            "s3:GetReplicationConfiguration"
         ],
         "Resource":[
            "arn:aws:s3:::source-bucket"
         ]
      },
      {
         "Effect":"Allow",
         "Action":[
            "s3:ReplicateObject",
            "s3:ReplicateDelete"
         ],
         "Resource":"arn:aws:s3:::destination-bucket/*"
      }
   ]
}

PUT Bucket Replication Configuration

{
	"Role": "arn:aws:iam::123456789012:role/s3-replication-role,arn:aws:iam::98765432112:role/s3-replication-role",
	"Rules": [{
		"Destination": {
			"Bucket": "arn:aws:s3:::targetBucket"
		},
		"Prefix": "",
		"Status": "Enabled",
		"StorageClass": "paris"
	}]
}
Clone this wiki locally