Enterprise Sync service will move content from S3 to Enterprise editorial storage. To accomplish this, customers can attach the following bucket policy to their S3 buckets to grant access to BeBop without sharing the AWS keys.
Please replace BebopCustomerRole with the role provided to you and BucketName with the bucket name the policy is applied to.
Policies
Read-Write
{
"Version": "2012-10-17",
"Id": "Policy1500414757803",
"Statement": [
{
"Sid": "Stmt1500414754089",
"Effect": "Allow",
"Principal": {
"AWS": [ "arn:aws:iam::320920465553:role/BebopCustomerRole", "arn:aws:iam::320920465553:user/BebopCustomerRole" ]
},
"Action": [
"s3:ListBucket",
"s3:GetObject",
"s3:GetObjectTagging",
"s3:PutObject",
"s3:PutObjectTagging"
],
"Resource": [
"arn:aws:s3:::BucketName",
"arn:aws:s3:::BucketName/*"
]
}
]
}
For Read-Only Access please omit
"s3:PutObject",
"s3:PutObjectTagging"
Please provide us with the following information:
If there are 2 buckets
Bucket name content going into Enterprise
Ex: /dark-knight-to-bebop
Bucket name for content coming out of Enterprise
Ex: /dark-knight-from-bebop
If there is only 1 bucket with read/write permissions
Bucket name and sub-folder for content going into Bebop
Ex: /dark-knight/trailer/dailies
Bucket name and sub-folder for content coming out of Bebop
Ex: /dark-knight/trailer/selects
Step By Step
1. Login to AWS Console and go to S3 Console.
2. Click on the desired bucket.
3. Select Permissions Tab and Click on Bucket Policy.
4. Paste the bucket policy (from above). Replace the BebopCustomerRole & BucketName.
References: