Commit e9941fe

Update based on PR feedback
Signed-off-by: Daniel Carl Jones <djonesoa@amazon.com>
1 parent 6ae1b9c commit e9941fe

1 file changed

+2
-0
lines changed

doc/CONFIGURATION.md

Lines changed: 2 additions & 0 deletions
@@ -43,6 +43,7 @@ The permissions required to successfully mount your bucket and perform file syst
4343
Additionally, depending on the [file system configuration flags](#file-system-configuration) passed at mount time, some permissions may or may not be necessary.
4444

4545
#### General Purpose Buckets
46+
4647
On general purpose buckets, the IAM credentials you use with Mountpoint must have permission for the `s3:ListBucket` action for the S3 bucket you mount. To be able to read files with Mountpoint, you also need permission for the `s3:GetObject` action for the objects you read.
4748
Writing files requires permission for the `s3:PutObject` and `s3:AbortMultipartUpload` actions.
4849
Deleting existing files requires permission for the `s3:DeleteObject` action.
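
Review bot: The heading `#### General Purpose Buckets` at the top of this hunk is level 4 and title-cased, while the sibling section in the next hunk is `### Directory buckets`, level 3 and sentence-cased. If the two bucket types are meant to be peer sections of the permissions documentation, give them the same heading level and one capitalization style in this change, since the added blank line alone leaves the outline inconsistent.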
@@ -92,6 +93,7 @@ Here is an example least-privilege policy document to add to an IAM user or role
9293
Mountpoint also respects [access control lists (ACLs) applied to objects](https://docs.aws.amazon.com/AmazonS3/latest/userguide/acl-overview.html) in your S3 bucket, but does not allow you to automatically attach ACLs to objects created with Mountpoint. A majority of modern use cases in Amazon S3 no longer require the use of ACLs. We recommend that you keep ACLs disabled for your S3 bucket, and instead use bucket policies to control access to your objects.
9394

9495
### Directory buckets
96+
9597
Directory buckets, introduced with the S3 Express One Zone storage class, use a different authentication mechanism from general purpose buckets.
9698
Instead of using `s3:*` actions, you should allow the `s3express:CreateSession` action.
9799
This will allow Mountpoint to perform create `ReadOnly` and `ReadWrite` sessions which allow Mountpoint to perform any supported operation against the bucket.
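
Review bot: The last context line of this hunk reads "This will allow Mountpoint to perform create `ReadOnly` and `ReadWrite` sessions", where "perform create" should be just "create"; worth fixing while this section is being touched. That sentence also says a single `s3express:CreateSession` grant lets Mountpoint perform any supported operation against the bucket, so the section should state whether a read-only mount can be given a narrower grant, in the way the general purpose section lists the required action per operation.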
