Update AWS S3 tutorial, fixing #1593

2018-01-29 20:47:27 +01:00 · 2018-01-29 20:47:27 +01:00 · 77a6054d64
parent 94ec55ff2c
commit 77a6054d64
4 changed files with 19 additions and 27 deletions
--- a/doc/080_examples.rst
+++ b/doc/080_examples.rst
@ -121,48 +121,40 @@ policy:
   :alt: Assign a Policy
 A new browser window or tab will open with the policy wizard. In Amazon IAM,
-policies are defined as JSON documents. For this tutorial, the "Policy
+policies are defined as JSON documents. For this tutorial, the "Visual editor"
-Generator" will be used to generate a policy file using a web interface:
+will be used to generate a policy:
 .. image:: images/aws_s3/11_policy_start.png
   :alt: Create a New Policy
-After invoking the policy generator, you will be presented with a user
+For restic to work, two permission statements must be created using the visual
-interface to generate individual permission statements. For restic to work, two
+policy editor. The first statement is set up as follows:
 such statements must be created. The first statement is set up as follows:
 .. code::
-   Effect: Allow
+   Service: S3
-   Service: Amazon S3
+   Allow Actions: DeleteObject, GetObject, PutObject
-   Actions: DeleteObject, GetObject, PutObject
+   Resources: arn:aws:s3:::restic-demo/*
   Resource: arn:aws:s3:::restic-demo/*
 This statement allows restic to create, read and delete objects inside the S3
-bucket named ``restic-demo``. Adjust the bucket's name to the name of the bucket
+bucket named ``restic-demo``. Adjust the bucket's name to the name of the
-you created earlier. Using the "Add Statement" button, this statement can be
+bucket you created earlier. Next, add a second statement using the "Add
-saved. Now a second statement is created:
+additional permissions" button:
 .. code::
-   Effect: Allow
+   Service: S3
-   Service: Amazon S3
+   Allow Actions: ListBucket, GetBucketLocation
   Actions: ListBucket
   Resource: arn:aws:s3:::restic-demo
-Again, substitute ``restic-demo`` with the actual name of your bucket. Note that,
+Again, substitute ``restic-demo`` with the actual name of your bucket. Note
-unlike before, there is no ``/*`` after the bucket name. This statement allows
+that, unlike before, there is no ``/*`` after the bucket name. This statement
-restic to list the objects stored in the ``restic-demo`` bucket. Again, use "Add
+allows restic to list the objects stored in the ``restic-demo`` bucket and to
-Statement" to save this statement. The policy creator interface should now
+query the bucket's region.
 look as follows:
-.. image:: images/aws_s3/12_policy_permissions_done.png
+Continue to the next step by clicking the "Review policy" button and enter a
-   :alt: Policy Creator With Two Statements
+name and description for this policy. For this tutorial, the policy will be
-
+named ``restic-demo-policy``. Click "Create policy" to finish the process:
 Continue to the next step and enter a name and description for this policy. For
 this tutorial, the policy will be named ``restic-demo-policy``. In this step you
 can also examine the JSON document created by the policy generator. Click
 "Create Policy" to finish the process:
 .. image:: images/aws_s3/13_policy_review.png
   :alt: Policy Review
--- a/doc/images/aws_s3/11_policy_start.png
+++ b/doc/images/aws_s3/11_policy_start.png
--- a/doc/images/aws_s3/12_policy_permissions_done.png
+++ b/doc/images/aws_s3/12_policy_permissions_done.png
--- a/doc/images/aws_s3/13_policy_review.png
+++ b/doc/images/aws_s3/13_policy_review.png