diff --git a/source/extra/examples/ReplicationRemoteUserPolicy.json b/source/extra/examples/ReplicationRemoteUserPolicy.json
index a93aa447..328c144a 100644
--- a/source/extra/examples/ReplicationRemoteUserPolicy.json
+++ b/source/extra/examples/ReplicationRemoteUserPolicy.json
@@ -27,6 +27,9 @@
 "s3:GetObjectVersion",
 "s3:GetObjectVersionTagging",
 "s3:PutObject",
+ "s3:PutObjectRetention",
+ "s3:PutBucketObjectLockConfiguration",
+ "s3:PutObjectLegalHold",
 "s3:DeleteObject",
 "s3:ReplicateObject",
 "s3:ReplicateDelete"
diff --git a/source/replication/enable-server-side-one-way-bucket-replication.rst b/source/replication/enable-server-side-one-way-bucket-replication.rst
index 77760b44..10814930 100644
--- a/source/replication/enable-server-side-one-way-bucket-replication.rst
+++ b/source/replication/enable-server-side-one-way-bucket-replication.rst
@@ -110,39 +110,9 @@ source and destination clusters:
 The following policy provides permissions for configuring and enabling replication on a cluster.
- .. code-block:: shell
+ .. literalinclude:: /extra/examples/ReplicationAdminPolicy.json
 :class: copyable
-
- {
- "Version": "2012-10-17",
- "Statement": [
- {
- "Action": [
- "admin:SetBucketTarget",
- "admin:GetBucketTarget"
- ],
- "Effect": "Allow",
- "Sid": "EnableRemoteBucketConfiguration"
- },
- {
- "Effect": "Allow",
- "Action": [
- "s3:GetReplicationConfiguration",
- "s3:ListBucket",
- "s3:ListBucketMultipartUploads",
- "s3:GetBucketLocation",
- "s3:GetBucketVersioning",
- "s3:GetObjectRetention",
- "s3:GetObjectLegalHold",
- "s3:PutReplicationConfiguration"
- ],
- "Resource": [
- "arn:aws:s3:::*"
- ],
- "Sid": "EnableReplicationRuleConfiguration"
- }
- ]
- }
+ :language: json
 - The ``"EnableRemoteBucketConfiguration"`` statement grants permission for creating a remote target for supporting replication. 
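Review bot: The three actions added in the ReplicationRemoteUserPolicy.json hunk (`s3:PutObjectRetention`, `s3:PutBucketObjectLockConfiguration`, `s3:PutObjectLegalHold`) widen what the remote replication user may do, and nothing in the hunk scopes them. In the inline copy of this policy that the .rst change removes, the same statement (`EnableReplicatingDataIntoBucket`) applies to `"arn:aws:s3:::*"`; if the JSON file matches, the user can set retention, legal holds and the object-lock configuration on every bucket in the deployment. `s3:PutBucketObjectLockConfiguration` is also a bucket-level action placed among object-level ones. I would have the page state that these three actions are presumably needed only when the replicated bucket uses object locking, and show the `Resource` narrowed to the destination, e.g. `"arn:aws:s3:::DESTINATION-BUCKET"` and `"arn:aws:s3:::DESTINATION-BUCKET/*"` (placeholder bucket name). The statement's `Resource` and `Sid` lie outside this hunk, so the scope should be confirmed against the full file.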
@@ -163,52 +133,9 @@ source and destination clusters:
 The following policy provides permissions for enabling synchronization of replicated data *into* the cluster.
- .. code-block:: shell
+ .. literalinclude:: /extra/examples/ReplicationRemoteUserPolicy.json
 :class: copyable
-
- {
- "Version": "2012-10-17",
- "Statement": [
- {
- "Effect": "Allow",
- "Action": [
- "s3:GetReplicationConfiguration",
- "s3:ListBucket",
- "s3:ListBucketMultipartUploads",
- "s3:GetBucketLocation",
- "s3:GetBucketVersioning",
- "s3:GetBucketObjectLockConfiguration",
- "s3:GetEncryptionConfiguration"
- ],
- "Resource": [
- "arn:aws:s3:::*"
- ],
- "Sid": "EnableReplicationOnBucket"
- },
- {
- "Effect": "Allow",
- "Action": [
- "s3:GetReplicationConfiguration",
- "s3:ReplicateTags",
- "s3:AbortMultipartUpload",
- "s3:GetObject",
- "s3:GetObjectVersion",
- "s3:GetObjectVersionTagging",
- "s3:PutObject",
- "s3:PutObjectRetention",
- "s3:PutBucketObjectLockConfiguration",
- "s3:PutObjectLegalHold",
- "s3:DeleteObject",
- "s3:ReplicateObject",
- "s3:ReplicateDelete"
- ],
- "Resource": [
- "arn:aws:s3:::*"
- ],
- "Sid": "EnableReplicatingDataIntoBucket"
- }
- ]
- }
+ :language: json
 - The ``"EnableReplicationOnBucket"`` statement grants permission for a remote target to retrieve bucket-level configuration for supporting