Which policy should I give when using S3 as storage backend?

Hi, I’m trying to use Pydio Cells with my MinIO service. I created a MinIO user called pydio, and the bucket prefix is “pydio-” in the installation, but it seems that the best practices for S3 policies are not stated in the doc (https://pydio.com/en/docs/cells/v3/s3-compatible-storage).
The policy shown below (minio-IAM-readwrite)
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:*"
      ],
      "Resource": [
        "arn:aws:s3:::*"
      ]
    }
  ]
}
is usable, but if so pydio will be able to do unlimited writes and reads to any bucket. I’m worried about the buckets created for myself or other services being used, so I would like to know whether there is a minimum set of S3 policies required for pydio to function properly. This is my example, but I think it is not optimal.
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:CreateBucket",
        "s3:ListAllMyBuckets",
        "s3:GetBucketLocation",
        "s3:ListBucket",
        "s3:DeleteBucket"
      ],
      "Resource": [
        "arn:aws:s3:::*"
      ]
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:*"
      ],
      "Resource": [
        "arn:aws:s3:::pydio-*",
        "arn:aws:s3:::pydio-*/*"
      ]
    }
  ]
}

thanks
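Added example, not part of the original post: a simplified Allow-only policy evaluator (no Deny, Condition or NotAction handling) that shows what the second policy above still permits on buckets outside the `pydio-` prefix. The `SCOPED` variant, the `backups` bucket and the sample requests are constructed for comparison, and `SCOPED` is an assumption that has not been verified as sufficient for Pydio Cells.

```python
import re

def _match(pattern, value, ignore_case=False):
    # IAM-style wildcards: '*' = any run of characters, '?' = exactly one.
    rx = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(rx, value, re.I if ignore_case else 0) is not None

def allowed(policy, action, resource):
    """True if any Allow statement matches (no Deny/Condition handling)."""
    for st in policy["Statement"]:
        if st.get("Effect") != "Allow":
            continue
        if any(_match(a, action, True) for a in st["Action"]) and \
           any(_match(r, resource) for r in st["Resource"]):
            return True
    return False

BUCKET_OPS = ["s3:CreateBucket", "s3:ListAllMyBuckets", "s3:GetBucketLocation",
              "s3:ListBucket", "s3:DeleteBucket"]
PREFIX = ["arn:aws:s3:::pydio-*", "arn:aws:s3:::pydio-*/*"]

# The second policy from the post.
POSTED = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": BUCKET_OPS, "Resource": ["arn:aws:s3:::*"]},
    {"Effect": "Allow", "Action": ["s3:*"], "Resource": PREFIX}]}

# Constructed variant (assumption: not verified as sufficient for Pydio Cells).
SCOPED = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["s3:ListAllMyBuckets"], "Resource": ["arn:aws:s3:::*"]},
    {"Effect": "Allow", "Action": ["s3:*"], "Resource": PREFIX}]}

# Constructed requests; "backups" stands for a bucket owned by another service.
REQUESTS = [
    ("s3:PutObject", "arn:aws:s3:::pydio-data/file.txt"),
    ("s3:CreateBucket", "arn:aws:s3:::pydio-new"),
    ("s3:GetObject", "arn:aws:s3:::backups/db.dump"),
    ("s3:ListBucket", "arn:aws:s3:::backups"),
    ("s3:DeleteBucket", "arn:aws:s3:::backups"),
]

def compare(requests=REQUESTS):
    return [(a, r, allowed(POSTED, a, r), allowed(SCOPED, a, r)) for a, r in requests]

if __name__ == "__main__":
    for action, res, posted, scoped in compare():
        print(f"{action:16} {res:36} posted={posted!s:5} scoped={scoped}")
```

Because the first statement of the posted policy applies to `arn:aws:s3:::*`, listing and deleting the `backups` bucket is allowed even though reading its objects is not.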