AWS IAM policy for S3 bucket on Edge Impulse

Question/Issue:
Hello, I’m new on Edge Impulse and I’ve configured an S3 bucket as a data source for a project.
I wanted to know what access levels are used by Edge Impulse?

I don’t want to give full permissions on the bucket using s3:*; I would like to specify each access level. Do you have an example of a policy that I can reuse that covers it?

Project ID: NA

Context/Use case:

This is what I have for now:

{
	"Version": "2012-10-17",
	"Statement": [
		{
			"Sid": "EdgeImpulseAccess",
			"Effect": "Allow",
			"Action": [
				"s3:*"
			],
			"Resource": [
				"arn:aws:s3:::267341338450-manual-edge-impulse/*"
			]
		}
	]
}

Hi @callmemath-pro

Let me check that over for you and post back in a little bit.

Best

Eoin


Hi @callmemath-pro

Managing objects and listing the bucket contents should be all you need:

				"s3:GetObject",
				"s3:PutObject",
				"s3:ListBucket",

You can also restrict access based on the request origins:

{
    "CORSRules": [
        {
            "AllowedHeaders": ["*"],
            "AllowedMethods": ["PUT", "POST"],
            "AllowedOrigins": ["https://studio.edgeimpulse.com"],
            "ExposeHeaders": []
        }
    ]
}

Best

Eoin


Thanks, I could add the bucket but then got an "access denied" error when adding a new dataset:


(even though it seems to be added anyway when I refreshed the page)

It gave me a successful response after I added "s3:DeleteObject" as well.
It would be interesting to have a read-only bucket feature someday.
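
The four actions named in this thread, combined into one scoped policy, as an added example that is not part of the original posts or of Edge Impulse's documentation. It relies on the fact that S3 evaluates `s3:ListBucket` against the bucket ARN and the object actions against `bucket/*`, so a statement whose only resource is `bucket/*` does not grant listing; `example-bucket`, the `Sid` values and the function names are assumptions made for illustration.

```python
import json

# Actions named in this thread, grouped by the resource type S3 checks them against.
BUCKET_ACTIONS = {"s3:ListBucket"}                                   # arn:aws:s3:::bucket
OBJECT_ACTIONS = {"s3:GetObject", "s3:PutObject", "s3:DeleteObject"}  # arn:aws:s3:::bucket/*


def build_policy(bucket):
    """Scoped policy with bucket-level and object-level actions in separate statements."""
    arn = f"arn:aws:s3:::{bucket}"
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Sid": "EdgeImpulseListBucket", "Effect": "Allow",
             "Action": sorted(BUCKET_ACTIONS), "Resource": [arn]},
            {"Sid": "EdgeImpulseObjects", "Effect": "Allow",
             "Action": sorted(OBJECT_ACTIONS), "Resource": [arn + "/*"]},
        ],
    }


def as_list(value):
    # IAM accepts a single string or a list for Action, Resource and Statement.
    return value if isinstance(value, list) else [value]


def audit(policy):
    """Return findings for wildcard actions and action/resource type mismatches."""
    findings = []
    for st in as_list(policy["Statement"]):
        if st.get("Effect") != "Allow":
            continue
        sid = st.get("Sid", "<no Sid>")
        names = [r.split(":::", 1)[-1] for r in as_list(st["Resource"])]
        has_bucket = any("/" not in n for n in names)           # bucket ARN or "*"
        has_object = any("/" in n or n.endswith("*") for n in names)
        for action in as_list(st["Action"]):
            if "*" in action:
                findings.append(f"{sid}: wildcard action {action}")
            elif action in BUCKET_ACTIONS and not has_bucket:
                findings.append(f"{sid}: {action} needs the bucket ARN, not only bucket/*")
            elif action in OBJECT_ACTIONS and not has_object:
                findings.append(f"{sid}: {action} needs an object ARN (bucket/*)")
    return findings


if __name__ == "__main__":
    # "example-bucket" is a placeholder name, not a value from the thread.
    print(json.dumps(build_policy("example-bucket"), indent=2))
```

Running `audit()` on a policy before attaching it catches both the `s3:*` wildcard from the first post and a `s3:ListBucket` entry that is scoped only to `bucket/*`.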