How to set the right IAM permissions in AWS for AVflow

Grant AVflow access to the AWS S3 bucket

This article explains how to set up IAM in AWS to grant AVflow the read/write access it needs to your AVflow S3 bucket, so that it can detect when new files are uploaded and save files back to the bucket. If you are just testing, the quickest setup is to give Full Access to S3. Otherwise, follow the steps below to give limited access.

1. Create a dedicated AWS User whose credentials will be used in AVflow

Go to: https://console.aws.amazon.com/iam/home
Select the Users menu item from the left navigation

Select Add user to create a dedicated user for AVflow
Select Programmatic access

Select Next: Tags

Select Next: Review

Then select Create user

The new user is now created. Download the credentials, as you will need them to allow AVflow to access your AWS resources.

2. Specify the permissions for the created User and restrict access to the target bucket only.

Go back to https://console.aws.amazon.com/iam/home and select Users from the left navigation

Select the newly created user.
Select Add inline policy

Select the JSON tab

Edit the JSON as in the example below to give this user full access to your S3 bucket (named "my-bucket" in this example).

{
 "Version": "2012-10-17",
 "Statement": [
   {
     "Sid": "VisualEditor0",
     "Effect": "Allow",
     "Action": [
       "s3:*"
     ],
     "Resource": [
       "arn:aws:s3:::my-bucket",
       "arn:aws:s3:::my-bucket/*",
       "arn:aws:s3:::ffmpeg-transcode-prod",
       "arn:aws:s3:::ffmpeg-transcode-prod/*"
     ]
   },
   {
     "Sid": "VisualEditor1",
     "Effect": "Allow",
     "Action": "sns:Publish",
     "Resource": "*"
   }
 ]
}

Select "Review policy", add a policy name, then select Create policy

All the settings needed for AVflow to access the S3 bucket are now in place. Make sure that the bucket specified in the policy exists and is valid.

Important points:

  • Your credentials are encrypted and private; even AVflow's team has no access to them.
  • Access to the "arn:aws:s3:::ffmpeg-transcode-prod" resource allows the system to copy the outputs from the AVflow bucket named "ffmpeg-transcode-prod" into your bucket.
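
An added example, not part of AVflow's documentation: a small Python check that reviews a policy shaped like the one in step 2 before it is attached, flagging wildcard actions, a "*" resource, and S3 buckets listed without their object ARN (object actions such as s3:GetObject only match "arn:aws:s3:::bucket/key" resources). The sample policy is a constructed variant of the one above, and the names `lint` and `as_list` are assumptions of this example.

```python
import json

# Constructed sample modelled on the inline policy from step 2; one bucket is
# deliberately listed without its object ARN. "my-bucket" is the page's placeholder.
POLICY = json.loads("""
{"Version": "2012-10-17",
 "Statement": [
  {"Sid": "VisualEditor0", "Effect": "Allow", "Action": ["s3:*"],
   "Resource": ["arn:aws:s3:::my-bucket", "arn:aws:s3:::my-bucket/*",
                "arn:aws:s3:::ffmpeg-transcode-prod"]},
  {"Sid": "VisualEditor1", "Effect": "Allow", "Action": "sns:Publish",
   "Resource": "*"}]}
""")

S3_PREFIX = "arn:aws:s3:::"

def as_list(value):
    """IAM allows a single string or a list for Statement, Action and Resource."""
    return value if isinstance(value, list) else [value]

def lint(policy):
    """Return (sid, finding) tuples for broad or ineffective Allow statements."""
    findings = []
    for st in as_list(policy["Statement"]):
        if st.get("Effect") != "Allow":
            continue
        sid = st.get("Sid", "<no Sid>")
        actions = as_list(st.get("Action", []))
        resources = as_list(st.get("Resource", []))
        for action in actions:
            if action == "*" or action.endswith(":*"):
                findings.append((sid, f"wildcard action {action}"))
        if "*" in resources:
            findings.append((sid, "Resource is *"))
        if any(a == "*" or a.lower().startswith("s3:") for a in actions):
            names = [r[len(S3_PREFIX):] for r in resources if r.startswith(S3_PREFIX)]
            buckets = {n for n in names if "/" not in n and "*" not in n}
            with_objects = {n.split("/", 1)[0] for n in names if "/" in n}
            for bucket in sorted(buckets - with_objects):
                findings.append((sid, f"{bucket}: bucket ARN only, object actions not covered"))
    return findings

if __name__ == "__main__":
    for sid, finding in lint(POLICY):
        print(f"{sid}: {finding}")
```
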