Docly

Connecting to AWS S3

Estimated reading: 1 minute

Stemma supports two methods of transferring files:.

  1. Stemma creates an S3 bucket: you provide Stemma the ARN for a role/group that should have access to read to and write from the bucket. You then provide the role/group to the users or resources that need access to the bucket. Stemma recommends this method.
  2. You create the S3 bucket: Stemma provides you the ARN of the role that the Stemma app uses. You will need to add the following policy to the bucket to allow Stemma access. Make sure you replace <BUCKET_NAME> and <ARN_FROM_STEMMA> with the appropriate values.
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "StemmaBucketAccess",
            "Effect": "Allow",
            "Principal": {
                "AWS": "*"
            },
            "Action": [
                "s3:ListBucket",
                "s3:GetObject"
            ],
            "Resource": [
                "arn:aws:s3:::<BUCKET_NAME>/*",
                "arn:aws:s3:::<BUCKET_NAME>"
            ],
            "Condition": {
                "ArnLike": {
                    "aws:PrincipalArn": "<ARN_FROM_STEMMA>"
                }
            }
        }
    ]
}