From 639744cd94f941f837be96a3b2d8d82f04a6afbb Mon Sep 17 00:00:00 2001 From: Jigar Joshi Date: Thu, 6 Feb 2025 15:48:33 +0530 Subject: [PATCH] docs: IAM policy support doc --- docs/iam/iam-policy-support.md | 21 +++++++++++++++++++++ docs/iam/index.md | 7 +++++++ sidebars.js | 1 + 3 files changed, 29 insertions(+) create mode 100644 docs/iam/iam-policy-support.md diff --git a/docs/iam/iam-policy-support.md b/docs/iam/iam-policy-support.md new file mode 100644 index 00000000..2d2fc14a --- /dev/null +++ b/docs/iam/iam-policy-support.md 
@@ -0,0 +1,21 @@ +# Tigris IAM Policy Support + +An IAM (Identity and Access Management) policy is a set of rules that define +permissions, specifying what actions can be performed on specific resources +optionally with some conditions. IAM policy is very broad and in context of +Tigris we support the following blocks: + +| Block | Supported | Description | +| ------------------- | --------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Version | Yes | Specifies the version of the policy language. The supported version is `2012-10-17` | +| Id | Yes | An optional identifier of the policy. | +| Statement | Yes | An array of one or more statements that define the permissions. | +| statement.sid_block | Yes | An optional identifier for the statement. | +| statement.effect | Yes | Specifies whether the action is allowed or denied. | +| statement.action | Yes | Specifies the action that is allowed. Note that here Tigris supports format `s3:MethodName`, For example: `s3:PutBucket`. Tigris supports wildcard (`*`) and prefixes (eg: `s3:Put*`) here. | +| statement.resource | Yes | Specifies the Amazon Resource Name (ARN) of the resource to which the policy applies. Tigris supports wildcard (`*`) and prefixes for object (eg: `arn:aws:s3:::my-bucket/images/*`). | +| statement.condition | Partially | Tigris supports `IpAddress`, `NotIpAddress`, `DateEquals`, `DateNotEquals`, `DateGreaterThan`, `DateGreaterThanEquals`, `DateLessThan`, `DateLessThanEquals` condition. | + +Note that for date-time conditions - only supported variable is +`aws:CurrentTime` which represents the current time when server is processing +the request. diff --git a/docs/iam/index.md b/docs/iam/index.md index 56a9fec5..d49a803c 100644 --- a/docs/iam/index.md +++ b/docs/iam/index.md 
@@ -36,6 +36,13 @@ you'll need to attach IAM policies to the new access key. Let's create an IAM policy and attach it to an access key. Here's an example IAM policy. You'll need to save it as a `.json` file. +:::note + +Refer [here](./iam-policy-support.md) for more information on what blocks of IAM +policies are supported by Tigris. + +::: + ``` nano file:///path/to/policy.json diff --git a/sidebars.js b/sidebars.js index 1ac0d786..15066669 100644 --- a/sidebars.js +++ b/sidebars.js @@ -84,6 +84,7 @@ const sidebars = { label: "IAM", items: [ "iam/index", + "iam/iam-policy-support", "iam/limited-access-key", "iam/ip-restrictions", "iam/date-time-restrictions",
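Review bot: In docs/iam/iam-policy-support.md, the `statement.condition` row marks support as "Partially" but does not say what happens when a policy uses a condition operator outside the listed set. Please state whether such a policy is rejected or the unsupported condition is ignored, because an ignored condition leaves the statement broader than its author wrote it. In the same table, the `statement.action` row reads "Specifies the action that is allowed" while the `statement.effect` row covers both allow and deny, so wording such as "the action the statement applies to" would be consistent. The closing note names `aws:CurrentTime` as the only variable for the date operators, but nothing names the condition key that `IpAddress` and `NotIpAddress` accept. `statement.sid_block` is also the only row named with a `_block` suffix.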
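Review bot: In docs/iam/index.md, the new `:::note` block lands between the context line "Here's an example IAM policy. You'll need to save it as a `.json` file." and the code fence that sentence introduces, so the example no longer follows its lead-in. Consider moving the note above that paragraph or below the example. The link text "Refer [here]" is also not descriptive. Something like "See [Tigris IAM Policy Support](./iam-policy-support.md) for the policy blocks Tigris supports" reads better and tells the reader where the link goes.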