By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Storage Lens Permission How to

1

Hi everyone,

Per the help doc, I've setup an IAM user with the purpose of assigning them Storage Lens permissions. https://github.com/awsdocs/amazon-s3-developer-guide/blob/master/doc_source/storage_lens_iam_permissions.md#storage_lens_iam_permissions_account

However in the console, I can't see any of the permissions mentioned. I only see policies. Policies List

So are their policies that cover the permissions listed in the article, or do I need to add permissions from somewhere else?

Your help is much appreciated.

Topics
StorageSecurity, Identity, & Compliance
Tags
Amazon Simple Storage ServiceIAM Policies
Language
English
Outbound
asked 9 months ago451 views
2 Answers
4
Accepted Answer

Hi,

You'd need to create an IAM policy first with the permissions listed in the mentioned document

  1. Go to IAM Policy console
  2. Click Create policy
  3. Click JSON tab at top right OR you can do through Visual as well by selecting those actions one by one
  4. Add those actions which are mentioned in the doc, to Action part of the policy
  5. Click Next
  6. Give this policy a name

Here is how JSON document would look like for the policy if I include all the actions as listed under section Setting account permissions to use S3 Storage Lens in the above mentioned document. You can add/remove actions based on your requirement and add resource arn instead of '*':

 {
 	     "Version": "2012-10-17",
 	     "Statement": [
      		{
	     	     "Sid": "VisualEditor0",
		     "Effect": "Allow",
		     "Action": [
			     "s3:ListStorageLensConfigurations",
			     "s3:GetStorageLensConfiguration",
			     "s3:DeleteStorageLensConfigurationTagging",
			     "s3:PutStorageLensConfigurationTagging",
			     "s3:PutStorageLensConfiguration",
			     "s3:GetStorageLensConfigurationTagging",
			     "s3:GetStorageLensDashboard"
		     ],
		     "Resource": "*"
	     }
     ]
 }

Once you would have created the policy then you can assign this policy to that IAM user which would be used to access Storage Lens.

Hope you find this helpful.

Comment here if you have additional questions, happy to help.

Abhishek

profile pictureAWS
EXPERT
secondabhi_aws
answered 9 months ago
profile pictureAWS
EXPERT
iBehr
reviewed 9 months ago
profile picture
EXPERT
Gary Mclean
reviewed 9 months ago
0

Thanks so much Abhishek. That was the missing piece. Hope they add that to the documentation to help new, non-technical users.

Outbound
answered 9 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content