AWS Role Based Authentication for S3 Sources

All S3 sources support reading via an IAM role in your AWS account, rather than needing to fiddle with S3 and KMS permissions. This is a two-step process. First, create a role with a trusted entity that allows RunReveal's AWS account to assume the role. Second, update or remake your source to include a role ARN, which will be assumed before the bucket is read.

Creating the role

We provide a CloudFormation template that can be used to quickly create the role. Please note that this CloudFormation template creates a role with GetObject and ListObject permissions on all of your buckets, and allows access to all of your KMS keys. You should restrict this policy to only the buckets and KMS keys that RunReveal needs access to.
Create the role using this link to our CloudFormation stack.
If you'd like to review the CloudFormation stack, or make edits before running it, it's hosted open-source here.
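
The scoping advice above can be checked mechanically before an edited template is deployed. The following Python is an added example, not RunReveal's code or template: it flags Allow statements that grant S3 or KMS actions on every bucket or every key. Both policy documents, the bucket name, the account ID and the key ID are constructed placeholders, and the broad policy only mirrors the description above.

```python
def _as_list(value):
    """IAM allows a single string or a list for Action and Resource."""
    return value if isinstance(value, list) else [value]

def _too_broad(resource):
    """True when the resource names every bucket or every KMS key."""
    if resource == "*":
        return True
    parts = resource.split(":", 5)  # arn:partition:service:region:account:name
    if len(parts) != 6 or parts[0] != "arn":
        return True  # not a full ARN, so treat it as unscoped
    service, name = parts[2], parts[5]
    if service == "s3":
        bucket = name.split("/", 1)[0]  # a wildcard after the bucket name is fine
        return "*" in bucket or "?" in bucket
    if service == "kms":
        return "*" in name  # key/* or alias/* covers every key
    return False

def overbroad_statements(policy):
    """Return (statement index, resource) for each over-broad S3/KMS grant."""
    findings = []
    for index, stmt in enumerate(_as_list(policy["Statement"])):
        if stmt.get("Effect") != "Allow":
            continue
        actions = [a.lower() for a in _as_list(stmt.get("Action", []))]
        if not any(a == "*" or a.startswith(("s3:", "kms:")) for a in actions):
            continue
        # A statement without Resource (e.g. NotResource) is treated as "*".
        for resource in _as_list(stmt.get("Resource", "*")):
            if _too_broad(resource):
                findings.append((index, resource))
    return findings

# Constructed sample: the broad shape described above (all buckets, all keys).
BROAD = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["s3:GetObject", "s3:ListBucket"], "Resource": "*"},
    {"Effect": "Allow", "Action": "kms:Decrypt", "Resource": "*"}]}

# Constructed sample: the same grants limited to one bucket and one key.
SCOPED = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "s3:ListBucket",
     "Resource": "arn:aws:s3:::example-log-bucket"},
    {"Effect": "Allow", "Action": "s3:GetObject",
     "Resource": "arn:aws:s3:::example-log-bucket/*"},
    {"Effect": "Allow", "Action": "kms:Decrypt",
     "Resource": "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID"}]}

if __name__ == "__main__":
    print("broad:", overbroad_statements(BROAD))
    print("scoped:", overbroad_statements(SCOPED))
```
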

Create the source

When you create a source that supports AWS role-based access to the objects, you'll be prompted to provide a role ARN.