Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Code Block
# Exactly the IAM Role of the LHM Application in the AWS Account hosting it
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "S3ReadObject",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::<LHM_App_Host_AWS_Account_Id>:role/<c><LHM_App_IAM_Role>"
            },
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::<bucket>/<path_prefix>/*"
        },
        {
            "Sid": "S3ListBucket",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::<LHM_App_Host_AWS_Account_Id>:role/<LHM_App_IAM_Role>"            
            },
            "Action": "s3:ListBucket",
            "Resource": "arn:aws:s3:::<bucket>",
            "Condition": {
                "StringLike": {
                    "s3:prefix": "<path_prefix>/*"
                }
            }
        }
    ]
}

...