Requirements for a Workloads Assets S3 Bucket
When deploying Workloads, manifest documents will typically require one or more CloudFormation templates to be hosted in an S3 bucket. You can use the built-in stax-deployment-bucket Workload for this purpose, or deploy your own bucket with the details below.
Before You Begin
- Have a good understanding of deploying Workloads
- Have a good understanding of S3 Bucket Policies
- Know which Stax Installation Region your Stax tenancy resides in
Bucket Properties
S3 buckets holding objects referenced by the Manifest must be accessible by the AWS account managing the Stax tenancy's Installation Region. The simplest way to configure this is an S3 Bucket Policy that contains the following statement:
{
  "Version": "2008-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::<installation-region-account-id>:root"
      },
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::<s3-bucket-name>/*"
    }
  ]
}
Replace <installation-region-account-id> above with the AWS Account Number of the Stax Installation Region's control plane. Replace <s3-bucket-name> with the name of the S3 bucket the policy is being applied to.
With the policy above in place, this bucket can be referenced by Workloads Manifest documents.
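The following check is an added example, not part of the original page and not Stax code. It audits a parsed bucket policy to confirm that it grants the read access described above and reports any Allow statement that goes further. The function names, the account ID `123456789012` and the bucket name `example-workload-assets` are constructed for illustration.

```python
def _as_list(value):
    # Policy JSON allows a bare string wherever a list is accepted.
    return value if isinstance(value, list) else [value]

def page_policy(account_id, bucket):
    """The bucket policy from this page with its two placeholders filled in."""
    return {"Version": "2008-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": f"arn:aws:iam::{account_id}:root"},
        "Action": "s3:GetObject",
        "Resource": f"arn:aws:s3:::{bucket}/*"}]}

def audit_bucket_policy(policy, account_id, bucket):
    """Return (grants_read, findings) for a parsed bucket policy document."""
    # A bare account ID is equivalent to that account's :root ARN.
    wanted = {f"arn:aws:iam::{account_id}:root", account_id}
    objects = f"arn:aws:s3:::{bucket}/*"
    grants_read, findings = False, []
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        if principal == "*":
            aws = ["*"]
        elif isinstance(principal, dict):
            aws = _as_list(principal.get("AWS", []))
        else:
            aws = []
        actions = _as_list(stmt.get("Action", []))
        if "*" in aws and "Condition" not in stmt:
            findings.append(f"statement {i}: any principal allowed, no Condition")
        if wanted & set(aws):
            if "s3:GetObject" in actions and objects in _as_list(stmt.get("Resource", [])):
                grants_read = True
            extra = sorted(set(actions) - {"s3:GetObject"})
            if extra:
                findings.append(f"statement {i}: more than s3:GetObject granted: {extra}")
    return grants_read, findings

# Constructed sample values, not real identifiers.
ACCOUNT_ID, BUCKET = "123456789012", "example-workload-assets"
# Constructed over-broad policy: public read plus write access for the account.
OVERBROAD = {"Version": "2008-10-17", "Statement": [
    {"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
     "Resource": f"arn:aws:s3:::{BUCKET}/*"},
    {"Effect": "Allow", "Principal": {"AWS": ACCOUNT_ID},
     "Action": ["s3:GetObject", "s3:PutObject"],
     "Resource": f"arn:aws:s3:::{BUCKET}/*"}]}

if __name__ == "__main__":
    print(audit_bucket_policy(page_policy(ACCOUNT_ID, BUCKET), ACCOUNT_ID, BUCKET))
    print(audit_bucket_policy(OVERBROAD, ACCOUNT_ID, BUCKET))
```

The check matches actions and resources exactly; it does not expand wildcards such as `s3:Get*` or evaluate Condition blocks.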