Added IAM policy examples to README.md

tpunder · Aug 28, 2014 · 84b513b · 84b513b
1 parent 87277f6
commit 84b513b
Showing 1 changed file with 85 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -8,6 +8,7 @@ This SBT plugin adds support for using Amazon S3 for resolving and publishing us
 
   * [Example](#example)
   * [Usage](#usage)
+  * [IAM Policy Examples](#iam)
   * [Authors](#authors)
   * [Copyright](#copyright)
   * [License](#license)
@@ -108,6 +109,90 @@ The property files should have the following format:
     accessKey = XXXXXXXXXX
     secretKey = XXXXXXXXXX
 
+## <a name="iam"></a>IAM Policy Examples
+
+I recommend that you create IAM Credentials for reading/writing your Maven S3 Bucket.  Here are some examples for our **maven.frugalmechanic.com** bucket:
+
+### Read/Write Policy (for publishing)
+
+<pre>
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Effect": "Allow",
+      "Action": ["s3:GetBucketLocation"],
+      "Resource": "arn:aws:s3:::*"
+    },
+    {
+      "Effect": "Allow",
+      "Action": ["s3:ListBucket"],
+      "Resource": ["arn:aws:s3:::<b>maven.frugalmechanic.com</b>"]
+    },
+    {
+      "Effect": "Allow",
+      "Action": ["s3:DeleteObject","s3:GetObject","s3:PutObject"],
+      "Resource": ["arn:aws:s3:::<b>maven.frugalmechanic.com</b>/*"]
+    }
+  ]
+}
+</pre>
+
+### Read-Only Policy
+
+<pre>
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Effect": "Allow",
+      "Action": ["s3:GetBucketLocation"],
+      "Resource": "arn:aws:s3:::*"
+    },
+    {
+      "Effect": "Allow",
+      "Action": ["s3:ListBucket"],
+      "Resource": ["arn:aws:s3:::<b>maven.frugalmechanic.com</b>"]
+    },
+    {
+      "Effect": "Allow",
+      "Action": ["s3:GetObject"],
+      "Resource": ["arn:aws:s3:::<b>maven.frugalmechanic.com</b>/*"]
+    }
+  ]
+}
+</pre>
+
+### Releases Read-Only, Snapshots Read/Write
+
+<pre>
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Effect": "Allow",
+      "Action": ["s3:GetBucketLocation"],
+      "Resource": "arn:aws:s3:::*"
+    },
+    {
+      "Effect": "Allow",
+      "Action": ["s3:ListBucket"],
+      "Resource": ["arn:aws:s3:::<b>maven.frugalmechanic.com</b>"]
+    },
+    {
+      "Effect": "Allow",
+      "Action": ["s3:GetObject"],
+      "Resource": ["arn:aws:s3:::<b>maven.frugalmechanic.com</b>/<b>releases</b>/*"]
+    },
+    {
+      "Effect": "Allow",
+      "Action": ["s3:DeleteObject","s3:GetObject","s3:PutObject"],
+      "Resource": ["arn:aws:s3:::<b>maven.frugalmechanic.com</b>/<b>snapshots</b>/*"]
+    }
+  ]
+}
+</pre>
+
 ## <a name="authors"></a>Authors
 
 Tim Underwood (<a href="https://github.com/tpunder" rel="author">GitHub</a>, <a href="https://www.linkedin.com/in/tpunder" rel="author">LinkedIn</a>, <a href="https://twitter.com/tpunder" rel="author">Twitter</a>, <a href="https://plus.google.com/+TimUnderwood0" rel="author">Google Plus</a>)