...
Code Block |
---|
# Exactly the IAM Role of the LHM Application in the AWS Account hosting it { "Version": "2012-10-17", "Statement": [ { "Sid": "S3ReadObject", "Effect": "Allow", "Principal": { "AWS": "arn:aws:iam::<LHM_App_Host_AWS_Account_Id>:role/<c><LHM_App_IAM_Role>" }, "Action": "s3:GetObject", "Resource": "arn:aws:s3:::<bucket>/<path_prefix>/*" }, { "Sid": "S3ListBucket", "Effect": "Allow", "Principal": { "AWS": "arn:aws:iam::<LHM_App_Host_AWS_Account_Id>:role/<LHM_App_IAM_Role>" }, "Action": "s3:ListBucket", "Resource": "arn:aws:s3:::<bucket>", "Condition": { "StringLike": { "s3:prefix": "<path_prefix>/*" } } } ] } |
...