Required S3 Permissions for Integration?

Hi! I’m trying to use ShotStack’s S3 integration. I’ve created an IAM role for ShotStack with only “s3:PutObject” permissions for my bucket and nothing else, which I thought would be sufficient; however ShotStack is telling me it is unable to put the completed videos into my bucket due to insufficient permissions.

Which permissions does ShotStack need?

Hey @dazzatron do you think you could help me debug this? Even just being able to see the error message S3 is giving back to ShotStack would go a long way, I know how to debug this stuff myself.

My IAM policy is pretty straightforward and I don’t know why it’s not working:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "s3:PutObject",
                "s3:GetObject",
                "s3:PutObjectAcl"
            ],
            "Resource": "arn:aws:s3:::<bucketname>/*"
        }
    ]
}

Sorry I’m so late to answering this. I completely missed it. It looks like you need to add your bucketname in <bucketname>

Have a look here: S3 permission issue - #5 by lucas.spielberg. This is the most restrictive permissions I have been able to get to work so far. The only error we receive is a 403 so it is not very useful.