AMP-82079 Update S3 import IAM Policy

Amplitude-Developer-Docs · Aug 16, 2023 · 6356d74 · 6356d74
1 parent d1560e6
commit 6356d74
Showing 1 changed file with 52 additions and 3 deletions.
diff --git a/docs/data/sources/amazon-s3.md b/docs/data/sources/amazon-s3.md
@@ -98,9 +98,58 @@ Follow these steps to give Amplitude read access to your AWS S3 bucket.
 3. Create a new IAM policy, for example, `AmplitudeS3ReadOnlyAccess`. Use the entire example code that follows, but be sure to update **{{}}** in highlighted text.
 
     - **{{bucket_name}}**: the s3 bucket name where your data is imported from.
-    - **{{prefix}}**: the prefix of files that you want to import, for example `/prefix`. For folders, make sure prefix ends with `/`. But for root folder, keep prefix as empty.
+    - **{{prefix}}**: the optional prefix of files that you want to import, for example `filePrefix`. For folders, make sure prefix ends with `/`, for example `folder/`. For the root folder, keep prefix as empty.
 
-    ```json hl_lines="16 30 41"
+    Example 1: IAM policy without prefix:
+    ```json hl_lines="16 29 40"
+    {
+      "Version":"2012-10-17",
+      "Statement":[
+        {
+          "Sid":"AllowListingOfDataFolder",
+          "Action":[
+            "s3:ListBucket"
+          ],
+          "Effect":"Allow",
+          "Resource":[
+            "arn:aws:s3:::{{bucket_name}}"
+          ],
+          "Condition":{
+            "StringLike":{
+              "s3:prefix":[
+                "*"
+              ]
+            }
+          }
+        },
+        {
+          "Sid":"AllowAllS3ReadActionsInDataFolder",
+          "Effect":"Allow",
+          "Action":[
+            "s3:GetObject",
+            "s3:ListObjects"
+          ],
+          "Resource":[
+            "arn:aws:s3:::{{bucket_name}}/*"
+          ]
+        },
+        {
+          "Sid":"AllowUpdateS3EventNotification",
+          "Effect":"Allow",
+          "Action":[
+            "s3:PutBucketNotification",
+            "s3:GetBucketNotification"
+          ],
+          "Resource":[
+            "arn:aws:s3:::{{bucket_name}}"
+          ]
+        }
+      ]
+    }
+    ```
+
+    Example 2: IAM policy with a prefix. For a folder, make sure the prefix ends with `/`, for example `folder/`:
+    ```json hl_lines="16 29 40"
     {
       "Version":"2012-10-17",
       "Statement":[
@@ -129,7 +178,7 @@ Follow these steps to give Amplitude read access to your AWS S3 bucket.
             "s3:ListObjects"
           ],
           "Resource":[
-            "arn:aws:s3:::{{bucket_name}}{{prefix}}*"
+            "arn:aws:s3:::{{bucket_name}}/{{prefix}}*"
           ]
         },
         {