topic S3 and IAM Roles - Where to apply them? in ArcGIS Enterprise in the cloud Questions https://community.esri.com/t5/arcgis-enterprise-in-the-cloud-questions/s3-and-iam-roles-where-to-apply-them/m-p/1273529#M584 <P>I'm toying with the idea of adding S3 buckets to our Portal setup for things like tile caches, etc. I've read just about every post here on the Community and in the documentation that I can, and I have a pretty clear understanding of <EM>most </EM>of the process. Creating buckets, IAM roles, etc., that's all fine.</P><P>I'm still a bit confused on one thing, though. There are many references to the specific permissions that would need to be granted to an IAM role for these things to work. But <EM>where am I implementing to role itself?</EM> Is it being assigned to the EC2 instance running the Server? The Portal? Something else?</P><P>I don't want to grant access via a long-term key, I'd rather go the IAM route. So, where am I assigning the role?</P> Thu, 30 Mar 2023 13:57:31 GMT jcarlson 2023-03-30T13:57:31Z S3 and IAM Roles - Where to apply them? https://community.esri.com/t5/arcgis-enterprise-in-the-cloud-questions/s3-and-iam-roles-where-to-apply-them/m-p/1273529#M584 <P>I'm toying with the idea of adding S3 buckets to our Portal setup for things like tile caches, etc. I've read just about every post here on the Community and in the documentation that I can, and I have a pretty clear understanding of <EM>most </EM>of the process. Creating buckets, IAM roles, etc., that's all fine.</P><P>I'm still a bit confused on one thing, though. There are many references to the specific permissions that would need to be granted to an IAM role for these things to work. But <EM>where am I implementing to role itself?</EM> Is it being assigned to the EC2 instance running the Server? The Portal? Something else?</P><P>I don't want to grant access via a long-term key, I'd rather go the IAM route. So, where am I assigning the role?</P> Thu, 30 Mar 2023 13:57:31 GMT https://community.esri.com/t5/arcgis-enterprise-in-the-cloud-questions/s3-and-iam-roles-where-to-apply-them/m-p/1273529#M584 jcarlson 2023-03-30T13:57:31Z Re: S3 and IAM Roles - Where to apply them? https://community.esri.com/t5/arcgis-enterprise-in-the-cloud-questions/s3-and-iam-roles-where-to-apply-them/m-p/1274216#M585 <P>Each deployed EC2 instance has an IAM role associated with it, you can either add additional policies to the existing role or create a new role that has the required permissions and apply it to the EC2 instance.</P><P>&nbsp;</P><P>From an ArcGIS Enterprise perspective, the cache directory would be access by the service referencing the cache, so ArcGIS Server would need to have read access (at minimum) to the bucket and write access if you're generating the cache after publishing the service.</P><P>&nbsp;</P><P><A href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2.html" target="_blank">https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2.html</A></P><P>&nbsp;</P> Fri, 31 Mar 2023 18:06:38 GMT https://community.esri.com/t5/arcgis-enterprise-in-the-cloud-questions/s3-and-iam-roles-where-to-apply-them/m-p/1274216#M585 ChristopherPawlyszyn 2023-03-31T18:06:38Z