Requirements for a Workloads Assets S3 Bucket
When deploying Workloads, manifest documents will typically require one or more CloudFormation templates to be hosted in an S3 bucket. You can use the built-in stax-deployment-bucket Workload for this purpose, or deploy your own bucket with the details below.
Before You Begin
-
Have a good understanding of deploying Workloads
-
Have a good understanding of S3 Bucket Policies
-
Know which Stax Installation Region your Stax tenancy resides in
Bucket Properties
S3 buckets holding objects referenced by the Manifest must be accessible by the AWS account managing the Stax tenancy's Installation Region. Most simply, this can be configured by implementing an S3 Bucket Policy that contains the following statement:
{
"Version": "2008-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::<installation-region-account-id>:root"
},
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::<s3-bucket-name>/*"
}
]
}
Replace <installation-region-account-id> above with the AWS Account Number of the Stax Installation Region's control plane. Replace <s3-bucket-name> with the name of the S3 bucket the policy is being applied to.
With the policy above in place, this bucket can be referenced by Workloads Manifest documents.