Hello,
We are not able to find more details on necessary IAM s3 permissions for registering cloud data store on Register your data with ArcGIS Server using Manager—Documentation | ArcGIS Enterprise. We are trying to register cloud data store on 10.6.1 version of ArcGIS Server.
With our current IAM role we are getting the following error:
Access Denied (Service: Amazon S3; Status Code: 403; Error Code: AccessDenied; Request ID: 0555D62FC9FC07E0; S3 Extended Request ID: enaaUZXbKxAz9T7Vw9KYEHReasPC3m9ldmXNFVd3/6rpveuc71yi9TArHzGlk3bhl4Exp0/Da+s=)
Any information would be very helpful and appreciated.
Anyone?
Just came across the same problem. Resolution as follows:
1.) Create an IAM role (trusted entity = EC2, policy = S3 full access [or locked down if you prefer])
2.) To your data store bucket, add bucket policy allowing access from your role to S3
3.) Attach IAM role to EC2 instance
This assumes your ArcGIS Server is running on EC2.
This Action worked for us in the bucket policy:
"Action": [
"s3:ListBucket",
"s3:List*",
"s3:Get*",
"s3:PutObjectAcl",
"s3:ReplicateObject",
"s3:ReplicateDelete",
"s3:ReplicateTags",
"s3:ObjectOwnerOverrideToBucketOwner"
],