gray-vr-17331
09/27/2023, 3:22 AM
"Attach the AmazonS3FullAccess policy for now. S3 access can be tweaked later to narrow down the scope."
That's a bit too much access for me to grant to flyte in most accounts, so I'd like to pare that down. I see from the Opta IaC for flyte, both those categories are provided the Opta s3 "write" access alias, which seems to translate to this:
"s3:GetObject*",
"s3:PutObject*",
"s3:DeleteObject*",
"s3:ListBucket"
Does that sound about right? It seems a little narrow, I would have expected to also include things like AbortMultipartUpload, GetBucketAcl, etc.
average-finland-92144
09/27/2023, 10:32 AM