Creating minio users and assigning permissions
Outdated page
This page was set to be reviewed before 2022-01-01 by the page owner.
Contact the page Owner (opens default mail client) if you require this page to be updated
Connect to the minio server
mc config host add myminio https://s3.breadnet.co.uk:9000 BWFEUE9RZUOQWAFP1DCQ LYLBt+qW8TnqlD7Kq1y29IFLDUBL5Qvx+JMimcR7
Create the policy, using the below as a guide. Save it to reflect what it does
Create the policy on minio
Create a user to assign it to
Assign the policy to the user
Policy to allow access to a full bucket
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": [
"*"
]
},
"Action": [
"s3:GetBucketLocation",
"s3:ListBucket",
"s3:ListBucketMultipartUploads"
],
"Resource": [
"arn:aws:s3:::testbucket-1"
]
},
{
"Effect": "Allow",
"Principal": {
"AWS": [
"*"
]
},
"Action": [
"s3:AbortMultipartUpload",
"s3:DeleteObject",
"s3:GetObject",
"s3:ListMultipartUploadParts",
"s3:PutObject"
],
"Resource": [
"arn:aws:s3:::testbucket-1/*"
]
}
]
}
Policy to allow access to a folder in a bucket
{
"Version":"2012-10-17",
"Statement": [
{
"Sid": "AllowStatement1",
"Action": ["s3:ListAllMyBuckets", "s3:GetBucketLocation"],
"Effect": "Allow",
"Resource": ["arn:aws:s3:::*"]
},
{
"Sid": "AllowStatement2A",
"Action": ["s3:ListBucket"],
"Effect": "Allow",
"Resource": ["arn:aws:s3:::serverbackup"],
"Condition":{"StringEquals":{"s3:prefix":["","dbserver"]}}
},
{
"Sid": "AllowStatement3",
"Action": ["s3:ListBucket"],
"Effect": "Allow",
"Resource": ["arn:aws:s3:::serverbackup"],
"Condition":{"StringLike":{"s3:prefix":["dbserver/*"]}}
},
{
"Sid": "AllowStatement4A",
"Effect": "Allow",
"Action": [
"s3:AbortMultipartUpload",
"s3:DeleteObject",
"s3:GetObject",
"s3:ListMultipartUploadParts",
"s3:PutObject"
],
"Resource": ["arn:aws:s3:::serverbackup/dbserver/*"]
}
]
}
Want to make this site better? Open a PR or help fund hosting costs