@pirafrank
Created October 4, 2020 17:41
AWS IAM policy for hosting a private Docker registry on an S3 bucket encrypted with AWS KMS. Attach it to a new IAM user to get access and secret keys that only allow access to the given bucket.
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "s3:ListAllMyBuckets",
            "Resource": "arn:aws:s3:::*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:ListBucket",
                "s3:GetBucketLocation",
                "s3:ListBucketMultipartUploads"
            ],
            "Resource": [
                "arn:aws:s3:::pirafrankdockerregistry"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:PutObject",
                "s3:GetObject",
                "s3:DeleteObject",
                "s3:ListMultipartUploadParts",
                "s3:AbortMultipartUpload"
            ],
            "Resource": [
                "arn:aws:s3:::pirafrankdockerregistry/*"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "kms:Decrypt",
                "kms:GenerateDataKey"
            ],
            "Resource": [
                "arn:aws:kms:eu-central-1:123456789012:key/aaaaaaaa-bbbb-cccc-dddd-aaaaaaaaaaaa"
            ]
        }
    ]
}
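An added example, not part of the gist: a Python check that every action in a policy like this one is paired with the ARN form it applies to (the bucket ARN for bucket-level actions, `bucket/*` for object-level actions, the single key ARN for KMS) and that nothing outside that allow-list is granted. The `audit` function and the `BROKEN` policy are constructed for illustration.

```python
import json

# ARN form each action in the gist's policy applies to.
BUCKET_ACTIONS = {"s3:ListBucket", "s3:GetBucketLocation", "s3:ListBucketMultipartUploads"}
OBJECT_ACTIONS = {"s3:PutObject", "s3:GetObject", "s3:DeleteObject",
                  "s3:ListMultipartUploadParts", "s3:AbortMultipartUpload"}
KMS_ACTIONS = {"kms:Decrypt", "kms:GenerateDataKey"}

# The gist's policy, embedded compactly so the check runs offline.
GIST_POLICY = json.loads("""{"Version":"2012-10-17","Statement":[
 {"Effect":"Allow","Action":"s3:ListAllMyBuckets","Resource":"arn:aws:s3:::*"},
 {"Effect":"Allow","Action":["s3:ListBucket","s3:GetBucketLocation",
  "s3:ListBucketMultipartUploads"],"Resource":["arn:aws:s3:::pirafrankdockerregistry"]},
 {"Effect":"Allow","Action":["s3:PutObject","s3:GetObject","s3:DeleteObject",
  "s3:ListMultipartUploadParts","s3:AbortMultipartUpload"],
  "Resource":["arn:aws:s3:::pirafrankdockerregistry/*"]},
 {"Effect":"Allow","Action":["kms:Decrypt","kms:GenerateDataKey"],"Resource":
  ["arn:aws:kms:eu-central-1:123456789012:key/aaaaaaaa-bbbb-cccc-dddd-aaaaaaaaaaaa"]}]}""")
BUCKET = "pirafrankdockerregistry"
KEY_ARN = GIST_POLICY["Statement"][3]["Resource"][0]

# Constructed counter-example: object action on the bucket ARN, wildcard KMS grant.
BROKEN = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["s3:ListBucket", "s3:GetObject"],
     "Resource": "arn:aws:s3:::pirafrankdockerregistry"},
    {"Effect": "Allow", "Action": "kms:*", "Resource": "*"}]}

def as_list(value):
    return value if isinstance(value, list) else [value]

def audit(policy, bucket, key_arn):
    """Return findings; an empty list means the policy is scoped as intended."""
    findings, bucket_arn = [], f"arn:aws:s3:::{bucket}"
    for i, st in enumerate(policy["Statement"]):
        for action in as_list(st["Action"]):
            for res in as_list(st["Resource"]):
                if action == "s3:ListAllMyBuckets":
                    ok = res in ("*", "arn:aws:s3:::*")
                elif action in BUCKET_ACTIONS:
                    ok = res == bucket_arn
                elif action in OBJECT_ACTIONS:
                    ok = res.startswith(bucket_arn + "/")
                else:  # KMS on the one key; anything else is outside the allow-list
                    ok = action in KMS_ACTIONS and res == key_arn
                if not ok:
                    findings.append(f"statement {i}: {action} on {res}")
    return findings

if __name__ == "__main__":
    print(audit(GIST_POLICY, BUCKET, KEY_ARN), audit(BROKEN, BUCKET, KEY_ARN))
```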