AWS IAM Policy to Allow User Access to A Single Elastic Transcoder Pipeline

597 views Asked by At

I currently have a user policy that allows users to access the specific S3 bucket to which they are assigned. This functions perfectly. However, now I need to append instructions to this policy to grant the user access to an Elastic Transcoder pipeline that has been created for them. I've tried following the instructions here, but the policy keeps failing. I'm new to the IAM policy syntax, and could use a hand. See examples below:

Functional Policy Currently in Place:

{
    "Statement": [
        {
            "Effect": "Allow",
            "NotAction": [
                "s3:CreateBucket",
                "s3:DeleteBucket"
            ],
            "Resource": "arn:aws:s3:::org-b-bucket",
            "Condition": {}
        },
        {
            "Effect": "Allow",
            "Action": "s3:*",
            "Resource": "arn:aws:s3:::org-b-bucket/*",
            "Condition": {}
        },
        {
            "Effect": "Allow",
            "Action": "s3:ListAllMyBuckets",
            "Resource": "*",
            "Condition": {}
        }
    ]
}

Edited Policy Trying to Add Permissions (Dummy account info inserted):

{
        "Statement": [
            {
                "Effect": "Allow",
                "NotAction": [
                    "s3:CreateBucket",
                    "s3:DeleteBucket"
                ],
                "Resource": "arn:aws:s3:::org-b-bucket",
                "Condition": {}
            },
            {
                "Effect": "Allow",
                "Action": "s3:*",
                "Resource": "arn:aws:s3:::org-b-bucket/*",
                "Condition": {}
            },
            {
                "Effect": "Allow",
                "Action": "s3:ListAllMyBuckets",
                "Resource": "*",
                "Condition": {}
            },
{
         "Effect":"Allow",
         "Action":[
            "elastictranscoder:List*",
            "elastictranscoder:Read*",
            "elastictranscoder:CreateJob"
         ],
         "Resource":[
            "arn:aws:elastictranscoder:us-east-1:123456789123:pipeline/1234567891234-qwerty",
            "arn:aws:elastictranscoder:us-east-1:123456789123:job/*"
         ]
      }
        ]
    }
1

There are 1 answers

0
Chaudhary Naqash Subtain On

You should check the region, choose same region for client that you set while creating pipeline. check it here for detailed ansewr