This feature utilizes pre-signed URLs to facilitate uploading artifacts to S3.
The minimum S3 bucket policy required to use this feature is:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "PolicyForAllowKasmS3UserReadWrite",
      "Effect": "Allow",
      "Principal": {
        "AWS": "<s3 persistent profile user arn>"
      },
      "Action": [
        "s3:GetObject",
        "s3:PutObject",
        "s3:ListBucket",
        "s3:DeleteObject"
      ],
      "Resource": [
        "<s3 bucket arn>",
        "<s3 bucket arn>/*"
      ]
    },
    {
      "Sid": "PolicyForAllowKasmS3UserListLocate",
      "Effect": "Allow",
      "Principal": {
        "AWS": "<s3 persistent profile user arn>"
      },
      "Action": [
        "s3:GetBucketLocation"
      ],
      "Resource": "<s3 bucket arn>"
    }
  ]
}
The minimum IAM policy for the S3 credentials used in Kasm is:
{
  "Statement": [
    {
      "Action": [
        "s3:GetObject",
        "s3:PutObject",
        "s3:ListBucket",
        "s3:DeleteObject"
      ],
      "Effect": "Allow",
      "Resource": [
        "<s3 bucket arn>",
        "<s3 bucket arn>/*"
      ]
    },
    {
      "Action": [
        "s3:GetBucketLocation"
      ],
      "Effect": "Allow",
      "Resource": "<s3 bucket arn>"
    }
  ],
  "Version": "2012-10-17"
}
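S3 evaluates `s3:ListBucket` and `s3:GetBucketLocation` against the bucket ARN and the object actions against `<s3 bucket arn>/*`, so a filled-in policy can list every action and still not grant one of them. The following check is an added example, not Kasm code: the bucket ARN, probe key, and function names are constructed for illustration, and it only reads Allow statements with `Action` and `Resource` (no Deny, Condition, NotAction, or NotResource handling).

```python
from fnmatch import fnmatchcase

# Actions from the policies above, grouped by the resource type S3 checks them against.
BUCKET_LEVEL = {"s3:ListBucket", "s3:GetBucketLocation"}
OBJECT_LEVEL = {"s3:GetObject", "s3:PutObject", "s3:DeleteObject"}


def as_list(value):
    """Policy fields may hold a single item or a list of items."""
    return list(value) if isinstance(value, list) else [value]


def granted_actions(policy, bucket_arn):
    """Return the required actions that some Allow statement grants on a matching ARN."""
    targets = {a: bucket_arn for a in BUCKET_LEVEL}
    targets.update({a: bucket_arn + "/probe-key" for a in OBJECT_LEVEL})  # constructed key
    granted = set()
    for stmt in as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        actions = [a.lower() for a in as_list(stmt.get("Action", []))]
        resources = as_list(stmt.get("Resource", []))
        for required, target in targets.items():
            if any(fnmatchcase(required.lower(), a) for a in actions) and \
               any(fnmatchcase(target, r) for r in resources):
                granted.add(required)
    return granted


def missing_actions(policy, bucket_arn):
    """Sorted list of required actions the policy does not effectively grant."""
    required = BUCKET_LEVEL | OBJECT_LEVEL
    return sorted(required - granted_actions(policy, bucket_arn))


BUCKET = "arn:aws:s3:::example-kasm-profiles"  # constructed ARN, not from the page


def sample_policy(object_statement_resources):
    """Constructed policy shaped like the ones above, with a variable Resource."""
    return {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Resource": object_statement_resources,
         "Action": ["s3:GetObject", "s3:PutObject", "s3:ListBucket", "s3:DeleteObject"]},
        {"Effect": "Allow", "Resource": BUCKET, "Action": ["s3:GetBucketLocation"]},
    ]}


if __name__ == "__main__":
    print(missing_actions(sample_policy(BUCKET + "/*"), BUCKET))
    print(missing_actions(sample_policy([BUCKET, BUCKET + "/*"]), BUCKET))
```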