Merge pull request #218 from chrisRedwine/main

fix(docs): Add required S3 PutObjectTagging permission to IAM policy in README
vmware-tanzu · Oct 1, 2024 · 207f0eb · 207f0eb
2 parents add8312 + b4ceca2
commit 207f0eb
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 2 deletions.
diff --git a/README.md b/README.md
@@ -76,7 +76,8 @@ For more information, see [the AWS documentation on IAM users][10].
 
     If you'll be using Velero to backup multiple clusters with multiple S3 buckets, it may be desirable to create a unique username per cluster rather than the default `velero`.
 
-2. Attach policies to give `velero` the necessary permissions:
+2. Attach policies to give `velero` the necessary permissions (note that `s3:PutObjectTagging` is only needed 
+   if you make use of the `config.tagging` field in the `BackupStorageLocation` spec):
 
     ```
     cat > velero-policy.json <<EOF
@@ -101,6 +102,7 @@ For more information, see [the AWS documentation on IAM users][10].
                     "s3:GetObject",
                     "s3:DeleteObject",
                     "s3:PutObject",
+                    "s3:PutObjectTagging",
                     "s3:AbortMultipartUpload",
                     "s3:ListMultipartUploadParts"
                 ],
@@ -199,7 +201,8 @@ It can be set up for Velero by creating a role that will have required permissio
     aws iam create-role --role-name velero --assume-role-policy-document file://./velero-trust-policy.json
     ```
 
-3. Attach policies to give `velero` the necessary permissions:
+3. Attach policies to give `velero` the necessary permissions (note that `s3:PutObjectTagging` is only needed 
+   if you make use of the `config.tagging` field in the `BackupStorageLocation` spec):
 
     ```
     BUCKET=<YOUR_BUCKET>
@@ -225,6 +228,7 @@ It can be set up for Velero by creating a role that will have required permissio
                     "s3:GetObject",
                     "s3:DeleteObject",
                     "s3:PutObject",
+                    "s3:PutObjectTagging",
                     "s3:AbortMultipartUpload",
                     "s3:ListMultipartUploadParts"
                 ],

diff --git a/changelogs/unreleased/218-chrisRedwine b/changelogs/unreleased/218-chrisRedwine
@@ -0,0 +1 @@
+Add required S3 PutObjectTagging permission to IAM policy in README
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		Add required S3 PutObjectTagging permission to IAM policy in README