Hello,
Been trying to deploy Seafile Pro with S3 back end and running into some issues with S3 policies. I’ve tried to implement whole bunch of policies and can’t get Seafile to work with all of the functionality. I can get library creation / file upload to work with IAM / S3 policy, but then file search fails (access denied). Specifically, I am trying to create a policy that would only allow single IAM user to access the buckets required for Seafile to function properly.
Has anyone had any luck or any suggestions on how to accomplish this? The support doesn’t seem to have any good suggestions and I figured forum might have more info I could use.
Example IAM policy that should work, but doesn’t.
{
“Version”: “2012-10-17”,
“Statement”: [
{
“Effect”: “Allow”,
“Action”: [“s3:ListBucket”],
“Resource”: [
“arn:aws:s3:::{{ bucket1 }}”,
“arn:aws:s3:::{{ bucket2 }}”,
“arn:aws:s3:::{{ bucket3 }}”
]
},
{
“Effect”: “Allow”,
“Action”: [
“s3:PutObject”,
“s3:GetObject”,
“s3:DeleteObject”
],
“Resource”: [
“arn:aws:s3:::{{ bucket1 }}/",
"arn:aws:s3:::{{ bucket2 }}/”,
“arn:aws:s3:::{{ bucket3 }}/*”
]
}
]
}