How to set the right IAM permission in AWS for AVflow
Grant AVflow access to the AWS S3 bucket
This article is about setting up IAM in AWS to grant AVflow the requisite read/write access to your AVflow S3 bucket so it can monitor when new files are uploaded and be able to save back files to it. If you are just testing, the quickest setup is to give Full Access to S3. Or follow the below to give limited access.
1. Create a dedicated AWS User whose credentials will be used in AVflow
Go to: https://console.aws.amazon.com/iam/home
Select Users menu item from the left navigation
Select Add user create a dedicated user for AVflow,
Select Programmatically access
Select Next tag
Select Next : Review
Then select Create user
The new user is created now. Just download the credential as you will need it to allow AVflow to access your AWS resource.
2. Specify the permissions for the created User and restrict access to the target bucket only.
Go back to https://console.aws.amazon.com/iam/home and select Users from left navigation
Select newly created user.
Select Add inline policy
Select tab JSON
Edit the JSON as below example to allow the current user to have all access to your S3 bucket (In this example named "my-bucket").
Select "Review policy", add policy name then select Create policy
All the settings to allow AVflow to access to S3 bucket are done now. Just make sure that the bucket specified in the policy is an existing and valid one.
- Your credentials are encrypted and private, even AVflow's team has no access to them.
- The access to "arn:aws:s3:::ffmpeg-transcode-prod" resource is to allow the system to copy the outputs from the AVflow bucket named "ffmpeg-transcode-prod" into your bucket.