IAM s3 permissions for registering cloud data store on 10.6.1 (Linux)

07-31-2018 02:53 PM
USGSNational_Map
New Contributor

Hello,

We are not able to find more details on the necessary IAM S3 permissions for registering a cloud data store in "Register your data with ArcGIS Server using Manager—Documentation | ArcGIS Enterprise". We are trying to register a cloud data store on version 10.6.1 of ArcGIS Server.

With our current IAM role we are getting the following error:

Access Denied (Service: Amazon S3; Status Code: 403; Error Code: AccessDenied; Request ID: 0555D62FC9FC07E0; S3 Extended Request ID: enaaUZXbKxAz9T7Vw9KYEHReasPC3m9ldmXNFVd3/6rpveuc71yi9TArHzGlk3bhl4Exp0/Da+s=)

Any information would be very helpful and appreciated.

0 Kudos
3 Replies
USGSNational_Map
New Contributor

Anyone?

0 Kudos
DarrenWiens2
MVP Honored Contributor

Just came across the same problem. Resolution as follows:

1.) Create an IAM role (trusted entity = EC2, policy = S3 full access [or locked down if you prefer])

2.) To your data store bucket, add bucket policy allowing access from your role to S3

3.) Attach IAM role to EC2 instance

This assumes your ArcGIS Server is running on EC2.

AndresCastillo
MVP Regular Contributor

This Action worked for us in the bucket policy:

            "Action": [
                "s3:ListBucket",
                "s3:List*",
                "s3:Get*",
                "s3:PutObjectAcl",
                "s3:ReplicateObject",
                "s3:ReplicateDelete",
                "s3:ReplicateTags",
                "s3:ObjectOwnerOverrideToBucketOwner"
            ],

0 Kudos
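Added example, not part of any post in this thread and not Esri or AWS code: Python that builds the bucket policy from step 2 of the resolution above for a single IAM role, using the Action list from the last reply, and lints a policy for the grants that are broader than needed or that leave bucket-level or object-level actions unmatched. The role ARN, bucket name and `Sid` are constructed placeholders, and the page does not state which actions ArcGIS Server itself requires.

```python
import json

# Constructed placeholders (assumptions, not values from the thread).
ROLE_ARN = "arn:aws:iam::111122223333:role/example-arcgis-server-role"
BUCKET = "example-datastore-bucket"

# Action list quoted from the reply above.
THREAD_ACTIONS = [
    "s3:ListBucket", "s3:List*", "s3:Get*", "s3:PutObjectAcl",
    "s3:ReplicateObject", "s3:ReplicateDelete", "s3:ReplicateTags",
    "s3:ObjectOwnerOverrideToBucketOwner",
]

def build_bucket_policy(role_arn, bucket, actions=THREAD_ACTIONS):
    """Bucket policy that allows `actions` to one IAM role only."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "DataStoreRoleAccess",
            "Effect": "Allow",
            "Principal": {"AWS": role_arn},
            "Action": list(actions),
            # Bucket-level actions (s3:ListBucket) match the bucket ARN;
            # object-level actions (s3:GetObject) match the /* ARN.
            "Resource": [f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"],
        }],
    }

def as_list(value):
    return value if isinstance(value, list) else [value]

def lint(policy, bucket):
    """Findings for over-broad grants and for resources the actions cannot match."""
    findings = []
    for st in policy["Statement"]:
        if st.get("Effect") != "Allow":
            continue
        principal = st.get("Principal")
        if principal == "*" or (isinstance(principal, dict) and principal.get("AWS") == "*"):
            findings.append("principal '*' allows any AWS principal")
        if any(a in ("*", "s3:*") for a in as_list(st["Action"])):
            findings.append("action grants all of S3")
        resources = as_list(st["Resource"])
        if f"arn:aws:s3:::{bucket}" not in resources:
            findings.append("bucket ARN missing: bucket-level actions do not match")
        if f"arn:aws:s3:::{bucket}/*" not in resources:
            findings.append("object ARN missing: object-level actions do not match")
    return findings

if __name__ == "__main__":
    print(json.dumps(build_bucket_policy(ROLE_ARN, BUCKET), indent=2))
```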