From 470a689377ba51859c1fba08bc352d5683ba3a0d Mon Sep 17 00:00:00 2001 From: Ilya Verbitskiy Date: Thu, 12 Sep 2024 17:27:54 +0800 Subject: [PATCH] updated documenation regarding multiple bucket access --- README.md | 21 ++++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 3a638b771..f36a90822 100644 --- a/README.md +++ b/README.md @@ -76,9 +76,28 @@ overrideWarningsEnabled=false npx cdk deploy\ ``` _Note:_ -- **MY_BUCKET**: name of an existing bucket in your account +- **MY_BUCKET**: name of an existing bucket or the list of comma-separated bucket names in your account - **PROFILE_NAME**: name of an AWS CLI profile that has appropriate credentials for deploying in your preferred region +Check the bucket resource policy if the API cannot access the bucket after the successful deployment. You may need to allow **s3:GetObject** and **s3:ListBucket** operations for your the Image Handler lambda role: + +```json +{ + "Effect": "Allow", + "Principal": { + "AWS": "arn:aws:iam::XXXXXX:role/ServerlessImageHandlerSta-BackEndImageHandlerFuncti-XXXXXX" + }, + "Action": [ + "s3:GetObject", + "s3:ListBucket" + ], + "Resource": [ + "arn:aws:s3:::XXXXXX-bucket", + "arn:aws:s3:::XXXXXX-bucket/*" + ] +} +``` + # Collection of operational metrics This solution collects anonymous operational metrics to help AWS improve the quality and features of the solution. For more information, including how to disable this capability, please see the [implementation guide](https://docs.aws.amazon.com/solutions/latest/serverless-image-handler/op-metrics.html).
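Review bot: The added JSON example in the README hunk is a bare statement object, not a full bucket policy, and it pairs both actions with both resources; the text should say that this object goes inside the `Statement` array of the bucket's existing policy, and the example would read more clearly as least privilege if it were split so that `s3:ListBucket` is granted on `arn:aws:s3:::XXXXXX-bucket` and `s3:GetObject` on `arn:aws:s3:::XXXXXX-bucket/*`. Since **MY_BUCKET** can now be a comma-separated list, the paragraph should also state that each listed bucket needs this statement in its own resource policy. Two wording fixes in the added lines: "for your the Image Handler lambda role" should be "for the Image Handler Lambda role", and "name of an existing bucket or the list of comma-separated bucket names" reads better as "name of an existing bucket, or a comma-separated list of bucket names". The role ARN in the example uses a truncated generated name (`ServerlessImageHandlerSta-BackEndImageHandlerFuncti-XXXXXX`), so a sentence on where to find the actual role name after deployment would help readers fill in the principal correctly.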