Adds info on policy for STS authentication using web-id (#9289)

2024-09-06 00:37:25 +00:00 · 2020-04-08 10:34:43 -07:00 · 2020-04-08 10:34:43 -07:00 · a78731a3ba
parent f4e779c964
commit a78731a3ba
1 changed files with 18 additions and 0 deletions
--- a/docs/sts/web-identity.md
+++ b/docs/sts/web-identity.md
@ -112,6 +112,24 @@ $ go run web-identity.go -cid 204367807228-ok7601k6gj1pgge7m09h7d79co8p35xx.apps
 2018/12/26 17:49:36 listening on http://localhost:8080/
 ```

+Note: For a reasonable test outcome, make sure the assumed user has at least permission/policy to list all buckets. That policy would look like below:
+```
+{
+  "version": "2012-10-17",
+  "statement": [
+    {
+      "effect": "Allow",
+      "action": [
+        "s3:ListAllMyBuckets"
+      ],
+      "resource": [
+        "arn:aws:s3:::*"
+      ]
+    }
+  ]
+}
+```
+
 ## Authorization Flow

 - Visit http://localhost:8080, login will direct the user to the Google OAuth2 Auth URL to obtain a permission grant.