Rio Tinto Track Navigation - Meeting Notes

AWS Instruction for Asking Limited Access

Below are the step-by-step instructions to grant limited access securely:

Objective

Grant White Widget limited access to Hema’s S3 bucket, plus the permissions needed to run the upload script for the OTA MMPK updater.

Step 1: Create an IAM Policy for Controlled Access

Navigate to the IAM service in the AWS console.
In the sidebar, click Policies > Create policy.
Select the JSON tab and copy-paste the code block below:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowS3LimitedAccess",
      "Effect": "Allow",
      "Action": [
        "s3:ListBucket",
        "s3:PutBucketPolicy",
        "s3:GetBucketPolicy",
        "s3:PutBucketPublicAccessBlock",
        "s3:GetBucketPublicAccessBlock"
      ],
      "Resource": "arn:aws:s3:::[S3 BUCKET NAME]"
    },
    {
      "Sid": "AllowIAMLimitedAccess",
      "Effect": "Allow",
      "Action": [
        "iam:CreateUser",
        "iam:GetUser",
        "iam:CreatePolicy",
        "iam:GetPolicy",
        "iam:GetPolicyVersion",
        "iam:AttachUserPolicy",
        "iam:ListPolicies",
        "iam:ListUserPolicies",
        "iam:ListGroupsForUser",
        "iam:ListAttachedUserPolicies",
        "iam:ListEntitiesForPolicy",
        "iam:ListUsers",
        "iam:CreateAccessKey",
        "iam:ListAccessKeys",
        "iam:GetAccessKeyLastUsed"
      ],
      "Resource": "*"
    }
  ]
}
Replace the placeholder [S3 BUCKET NAME] with the name of your S3 bucket.
Click Next, name the policy (e.g., WhiteWidgetLimitedS3Access), and create it.

Step 2: Create Role for White Widget

Go to IAM > Roles > Create role
Select Trusted entity type: Another AWS account
Enter White Widget’s AWS Account ID: 028828300902
Proceed and attach the policy (WhiteWidgetLimitedS3Access) created in Step 1

Step 3: Share the Bucket Name and Link to Switch Roles
Send us the following:
S3 Bucket name
Link to Switch Roles in console
Example Screenshot of the link to switch role found in Role Summary.
This setup ensures that White Widget has only the required permissions to assist with the feature, without exposing the wider AWS environment or granting unnecessary access.
Please let us know once this is configured, and we’ll proceed accordingly.
Thank you ~
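
A review check for the Step 1 policy, added here as an example and not part of the original instructions: it flags statements that allow IAM write actions on Resource "*" with no condition, and S3 actions that can change who may read the bucket, which are the grants worth scoping before the role is handed to another account. The bucket name example-bucket and the audit helper are assumptions made for the illustration.

```python
from fnmatch import fnmatchcase

# Policy from Step 1; "example-bucket" is a constructed stand-in for [S3 BUCKET NAME].
POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "AllowS3LimitedAccess", "Effect": "Allow",
     "Action": ["s3:ListBucket", "s3:PutBucketPolicy", "s3:GetBucketPolicy",
                "s3:PutBucketPublicAccessBlock", "s3:GetBucketPublicAccessBlock"],
     "Resource": "arn:aws:s3:::example-bucket"},
    {"Sid": "AllowIAMLimitedAccess", "Effect": "Allow",
     "Action": ["iam:CreateUser", "iam:GetUser", "iam:CreatePolicy", "iam:GetPolicy",
                "iam:GetPolicyVersion", "iam:AttachUserPolicy", "iam:ListPolicies",
                "iam:ListUserPolicies", "iam:ListGroupsForUser",
                "iam:ListAttachedUserPolicies", "iam:ListEntitiesForPolicy",
                "iam:ListUsers", "iam:CreateAccessKey", "iam:ListAccessKeys",
                "iam:GetAccessKeyLastUsed"],
     "Resource": "*"},
]}

# IAM actions that create or empower identities; on "*" they reach every user and policy.
IAM_WRITE = ["iam:CreateUser", "iam:CreatePolicy", "iam:AttachUserPolicy", "iam:CreateAccessKey"]
# S3 actions that change who can read the bucket.
S3_EXPOSURE = ["s3:PutBucketPolicy", "s3:PutBucketPublicAccessBlock"]

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _granted(statement, risky):
    """Risky actions the statement allows; patterns such as iam:* are expanded."""
    patterns = [p.lower() for p in _as_list(statement.get("Action", []))]
    return [a for a in risky if any(fnmatchcase(a.lower(), p) for p in patterns)]

def audit(policy):
    """Return (sid, finding, actions) tuples for statements a reviewer should scope."""
    findings = []
    for st in _as_list(policy["Statement"]):
        if st.get("Effect") != "Allow":
            continue
        sid = st.get("Sid", "<no Sid>")
        iam = _granted(st, IAM_WRITE)
        if iam and "*" in _as_list(st.get("Resource", [])) and "Condition" not in st:
            findings.append((sid, "IAM write actions on every resource, no condition", iam))
        s3 = _granted(st, S3_EXPOSURE)
        if s3:
            findings.append((sid, "can change bucket policy or public access block", s3))
    return findings

if __name__ == "__main__":
    for sid, finding, actions in audit(POLICY):
        print(f"{sid}: {finding}: {', '.join(actions)}")
```

Scoping the IAM statement's Resource to the specific uploader user and policy ARNs clears the first finding; the S3 finding stays as a reminder that the role can alter the bucket's public access settings.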