AWSThinkboxAssetServerPolicy

You can attach the AWSThinkboxAssetServerPolicy policy to your IAM identities.

This policy grants the permissions that allow AWS Portal Asset Server to access AWS CloudWatch logs and an AWS S3 bucket for normal operation.

Permissions details

This policy includes the following permissions.

  • logs - Used to get CloudWatch logs created by Deadline and AWS Portal back on-premises.

  • s3 - Used to upload and download files to/from the S3 cache bucket.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "logs:DescribeLogGroups",
                "logs:DescribeLogStreams",
                "logs:GetLogEvents"
            ],
            "Resource": [
                "arn:aws:logs:*:*:log-group:/thinkbox*"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:GetObject",
                "s3:PutObject",
                "s3:ListBucket"
            ],
            "Resource": [
                "arn:aws:s3:::aws-portal-cache*"
            ]
        }
    ]
}
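
To show how far the two wildcard Resource patterns in this policy reach, the following added example (not AWS's or Thinkbox's code) matches constructed requests against the policy's Allow statements. The matcher is a simplified stand-in for IAM evaluation, and the bucket, key, account and log group names are made up.

```python
import json
import re

# The policy document as shown on this page.
POLICY = json.loads("""
{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow",
   "Action": ["logs:DescribeLogGroups", "logs:DescribeLogStreams", "logs:GetLogEvents"],
   "Resource": ["arn:aws:logs:*:*:log-group:/thinkbox*"]},
  {"Effect": "Allow",
   "Action": ["s3:GetObject", "s3:PutObject", "s3:ListBucket"],
   "Resource": ["arn:aws:s3:::aws-portal-cache*"]}
]}
""")

def _glob(pattern, value, ignore_case=False):
    """IAM-style wildcard match: '*' is any run of characters, '?' is exactly one."""
    parts = (".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    flags = re.DOTALL | (re.IGNORECASE if ignore_case else 0)
    return re.fullmatch("".join(parts), value, flags) is not None

def allowed(action, resource, policy=POLICY):
    """True if some Allow statement names both the action and the resource.

    Assumption: only this identity policy is considered; explicit denies,
    conditions, SCPs and permission boundaries are out of scope here.
    """
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Allow":
            continue
        action_ok = any(_glob(a, action, ignore_case=True) for a in stmt["Action"])
        resource_ok = any(_glob(r, resource) for r in stmt["Resource"])
        if action_ok and resource_ok:
            return True
    return False

# Constructed sample requests; none of these names come from the page.
SAMPLES = [
    ("s3:ListBucket", "arn:aws:s3:::aws-portal-cache-studio1"),
    ("s3:GetObject", "arn:aws:s3:::aws-portal-cache-studio1/scenes/shot01.exr"),
    ("s3:PutObject", "arn:aws:s3:::aws-portal-cache-backup-unrelated/key"),
    ("s3:DeleteObject", "arn:aws:s3:::aws-portal-cache-studio1/scenes/shot01.exr"),
    ("s3:GetObject", "arn:aws:s3:::studio-renders/shot01.exr"),
    ("logs:DescribeLogStreams", "arn:aws:logs:us-west-2:111122223333:log-group:/thinkbox-deadline"),
    ("logs:DescribeLogStreams", "arn:aws:logs:us-west-2:111122223333:log-group:/aws/lambda/app"),
]

if __name__ == "__main__":
    for action, arn in SAMPLES:
        print(f"{'ALLOW' if allowed(action, arn) else 'deny':5}  {action:24} {arn}")
```

Because the S3 pattern ends in a bare `*` with no delimiter after the prefix, it covers both bucket and object ARNs for every bucket whose name begins with aws-portal-cache, so bucket naming in the account determines the effective scope of this policy.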