Comment on page
AWS Role Based Authentication for S3 Sources
All S3 sources support reading via an IAM Role in your AWS account, rather than needing to fiddle with S3 and KMS permissions. This is a two step process. First, you need to create a role with a trusted entity allowing RunReveal's AWS account to access the role. Second, you'll need to update or remake your Source to include a Role ARN that will be assumed prior to reading the role.
We provide a cloudformation template that can be used to quickly create the role. Please note, this cloudformation template creates a role with
ListObjectpermissions to all of your buckets, and allows access to all of your KMS keys. You should update this policy to only the buckets and KMS keys you need to provide RunReveal access to.
When you create a source that supports AWS Role based access to the objects, you'll be prompted to provide a role ARN.