# flyte-deployment

Terence Kent

09/27/2023, 3:22 AM
👋 Can I get the some hints on the specific IAM access required s3 buckets for the "Flyte System" and "Flyte Users" (tasks)? I see in the EKS manual setup it includes this line:
Attach the
policy for now. S3 access can be tweaked later to narrow down the scope.
That's a bit too much access for me to grant to flyte in most accounts, so I'd like to pair that down. I see from the Opta IaC for flyte, both those categories are provided the Opta s3 "write" access alias, which seems to translate to this:
Copy code
Does that sound about right? It seems a little narrow, I would have expected to also include things like
, etc.

David Espejo (he/him)

09/27/2023, 10:32 AM
Hey Terence The reference implementation (built with Terraform) uses those permissions and it's been already tested: