Adds info on policy for STS authentication using web-id (#9289)

master
ebozduman 5 years ago committed by GitHub
parent f4e779c964
commit a78731a3ba
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
  1. 18
      docs/sts/web-identity.md

@ -112,6 +112,24 @@ $ go run web-identity.go -cid 204367807228-ok7601k6gj1pgge7m09h7d79co8p35xx.apps
2018/12/26 17:49:36 listening on http://localhost:8080/ 2018/12/26 17:49:36 listening on http://localhost:8080/
``` ```
Note: For a reasonable test outcome, make sure the assumed user has at least permission/policy to list all buckets. That policy would look like below:
```
{
"version": "2012-10-17",
"statement": [
{
"effect": "Allow",
"action": [
"s3:ListAllMyBuckets"
],
"resource": [
"arn:aws:s3:::*"
]
}
]
}
```
## Authorization Flow ## Authorization Flow
- Visit http://localhost:8080, login will direct the user to the Google OAuth2 Auth URL to obtain a permission grant. - Visit http://localhost:8080, login will direct the user to the Google OAuth2 Auth URL to obtain a permission grant.

Loading…
Cancel
Save