Set Ops Authing from AWS

As described in Manage Environment Ops Authing, when using the AutoMQ Cloud BYOC product, the AutoMQ service provider needs the user to provide the appropriate ops authorization. This document explains how to configure delegated ops authorization in AWS S3.

In this document, references to AutoMQ product service provider, AutoMQ service provider, and AutoMQ all specifically refer to AutoMQ HK Limited.

AWS Environment Authorization

The AWS S3 console provides the Bucket Policy authorization feature. The steps are described below.

Console Operation Steps

Log in to the cloud account that owns the Ops Bucket or a sub-account with authorization capabilities, and go to the S3 Console:

  1. Go to the Bucket list page and find the target Bucket. In the S3 console, click Bucket List in the left navigation bar to open the list page. Search for the Ops Bucket configured for the current environment and open its details.
  2. Go to the Permissions menu and find the Bucket Policy. Click Edit to open the authorization form.
  3. Fill in the authorization information and create the Bucket authorization policy. Fill in the required authorization information as described below, then click OK to create the authorization policy.

    • Authorized Resource: Select the specified Ops Bucket.

    • Authorized User: Fill in the AutoMQ service provider cloud account ID "381492316447" (see Overview).

    • Authorized Operation: Refer to the policy below.


{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::381492316447:root"
      },
      "Action": [
        "s3:GetObject",
        "s3:GetObjectVersion",
        "s3:GetObjectAcl",
        "s3:GetObjectTagging",
        "s3:GetObjectVersionAcl",
        "s3:GetObjectVersionTagging",
        "s3:ListBucket",
        "s3:ListBucketVersions",
        "s3:ListBucketMultipartUploads",
        "s3:PutObject"
      ],
      "Resource": [
        "arn:aws:s3:::{Ops Bucket Name}",
        "arn:aws:s3:::{Ops Bucket Name}/*"
      ]
    }
  ]
}
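
After saving the policy, it is worth confirming that the bucket grants nothing beyond what is listed above. The following check is an added example, not AutoMQ's own tooling: it reports any Allow statement whose principal, actions or resources go beyond the policy on this page. It assumes the Ops Bucket policy carries only this grant, and the function name and the bucket name `example-ops-bucket` are hypothetical.

```python
import json

# Principal and actions copied from the policy on this page.
AUTOMQ_PRINCIPALS = {"arn:aws:iam::381492316447:root", "381492316447"}
ALLOWED_ACTIONS = {a.lower() for a in (
    "s3:GetObject", "s3:GetObjectVersion", "s3:GetObjectAcl",
    "s3:GetObjectTagging", "s3:GetObjectVersionAcl",
    "s3:GetObjectVersionTagging", "s3:ListBucket", "s3:ListBucketVersions",
    "s3:ListBucketMultipartUploads", "s3:PutObject")}

def _as_list(value):
    """Policy elements may be one string or a list of strings."""
    return [value] if isinstance(value, str) else list(value or [])

def _principals(stmt):
    """Flatten Principal, which is "*" or a map such as {"AWS": [...]}."""
    p = stmt.get("Principal", [])
    if isinstance(p, dict):
        return [v for vals in p.values() for v in _as_list(vals)]
    return _as_list(p)

def audit_ops_bucket_policy(policy, bucket):
    """Return findings for Allow statements wider than the documented grant."""
    resources = {f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"}
    stmts = policy.get("Statement", [])
    findings = []
    for i, stmt in enumerate([stmts] if isinstance(stmts, dict) else stmts):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only narrow access
        for key in ("NotPrincipal", "NotAction", "NotResource"):
            if key in stmt:
                findings.append(f"statement {i}: {key} cannot be bounded")
        for p in _principals(stmt):
            if p not in AUTOMQ_PRINCIPALS:
                findings.append(f"statement {i}: unexpected principal {p}")
        for a in _as_list(stmt.get("Action")):
            if a.lower() not in ALLOWED_ACTIONS:
                findings.append(f"statement {i}: unexpected action {a}")
        for r in _as_list(stmt.get("Resource")):
            if r not in resources:
                findings.append(f"statement {i}: unexpected resource {r}")
    return findings

if __name__ == "__main__":
    # Constructed sample: a widened policy on a hypothetical bucket name.
    sample = json.loads('{"Statement": [{"Effect": "Allow", "Principal": "*", '
                        '"Action": "s3:*", "Resource": "arn:aws:s3:::example-ops-bucket/*"}]}')
    print("\n".join(audit_ops_bucket_policy(sample, "example-ops-bucket")))
```

An empty result means the policy matches the documented grant; each finding names the statement index and the element that widens it.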