AWS Instruction for Asking Limited Access

Below are the step-by-step instructions to grant limited access securely:

Objective

Grant White Widget limited access to Hema’s S3 bucket and permissions to handle the upload script for the OTA MMPK updater.

Step 1: Create an IAM Policy for Controlled Access

Navigate to the IAM service in the AWS console.
In the sidebar, click Policies > Create policy.
Select the JSON tab and copy-paste the code block below:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowS3LimitedAccess",
      "Effect": "Allow",
      "Action": [
        "s3:ListBucket",
        "s3:PutBucketPolicy",
        "s3:GetBucketPolicy",
        "s3:PutBucketPublicAccessBlock",
        "s3:GetBucketPublicAccessBlock"
      ],
      "Resource": "arn:aws:s3:::[S3 BUCKET NAME]"
    },
    {
      "Sid": "AllowIAMLimitedAccess",
      "Effect": "Allow",
      "Action": [
        "iam:CreateUser",
        "iam:GetUser",
        "iam:CreatePolicy",
        "iam:GetPolicy",
        "iam:GetPolicyVersion",
        "iam:AttachUserPolicy",
        "iam:ListPolicies",
        "iam:ListUserPolicies",
        "iam:ListGroupsForUser",
        "iam:ListAttachedUserPolicies",
        "iam:ListEntitiesForPolicy",
        "iam:ListUsers",
        "iam:CreateAccessKey",
        "iam:ListAccessKeys",
        "iam:GetAccessKeyLastUsed"
      ],
      "Resource": "*"
    }
  ]
}
Replace the [S3 BUCKET NAME] placeholder with the name of your S3 bucket.
Click Next, name the policy (e.g., WhiteWidgetLimitedS3Access), and create it.
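
As an added example (not part of the original instructions or White Widget's own tooling), the Python check below reviews the Step 1 policy before it is created: it reports IAM write actions that are allowed on "Resource": "*" with no Condition. The WATCHED and CHAINS sets are this example's own assumptions about what a reviewer should look at.

```python
from fnmatch import fnmatchcase

# Step 1 policy from this page; the bucket placeholder is left as written there.
PAGE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "AllowS3LimitedAccess", "Effect": "Allow",
     "Action": ["s3:ListBucket", "s3:PutBucketPolicy", "s3:GetBucketPolicy",
                "s3:PutBucketPublicAccessBlock", "s3:GetBucketPublicAccessBlock"],
     "Resource": "arn:aws:s3:::[S3 BUCKET NAME]"},
    {"Sid": "AllowIAMLimitedAccess", "Effect": "Allow",
     "Action": ["iam:CreateUser", "iam:GetUser", "iam:CreatePolicy", "iam:GetPolicy",
                "iam:GetPolicyVersion", "iam:AttachUserPolicy", "iam:ListPolicies",
                "iam:ListUserPolicies", "iam:ListGroupsForUser",
                "iam:ListAttachedUserPolicies", "iam:ListEntitiesForPolicy",
                "iam:ListUsers", "iam:CreateAccessKey", "iam:ListAccessKeys",
                "iam:GetAccessKeyLastUsed"],
     "Resource": "*"}]}

# Watch list assumed by this example: IAM writes that change who holds which permissions.
WATCHED = {"iam:CreateUser", "iam:CreatePolicy", "iam:AttachUserPolicy", "iam:CreateAccessKey"}
# Combinations of watched actions worth a reviewer's attention (this example's own grouping).
CHAINS = {
    "attach a newly created policy to any user": {"iam:CreatePolicy", "iam:AttachUserPolicy"},
    "issue an access key for any existing user": {"iam:CreateAccessKey"},
}

def as_list(value):
    """IAM allows Statement/Action/Resource to be a single value or a list."""
    return value if isinstance(value, list) else [value]

def unscoped_grants(policy):
    """Watched actions allowed on Resource "*" with no Condition to narrow them."""
    hits = set()
    for st in as_list(policy["Statement"]):
        if st.get("Effect") != "Allow" or st.get("Condition"):
            continue
        if "*" not in as_list(st.get("Resource", [])):
            continue
        for pattern in as_list(st.get("Action", [])):
            # IAM action names are case-insensitive and may use * and ? wildcards.
            hits |= {a for a in WATCHED if fnmatchcase(a.lower(), pattern.lower())}
    return hits

def review_findings(policy):
    """Names of the CHAINS entries fully covered by unscoped grants."""
    granted = unscoped_grants(policy)
    return sorted(name for name, needed in CHAINS.items() if needed <= granted)

if __name__ == "__main__":
    for finding in review_findings(PAGE_POLICY):
        print("REVIEW:", finding)
```

A statement whose Resource names a specific user or policy ARN, or that carries a Condition, produces no finding from this check.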

Step 2: Create Role for White Widget

Go to IAM > Roles > Create role
Select Trusted entity type: Another AWS account
Enter White Widget’s AWS Account ID: 028828300902
Proceed and attach the policy (WhiteWidgetLimitedS3Access) created in Step 1

Step 3: Share the Bucket Name and Link to Switch Roles

Send us the following:
S3 Bucket name
Link to Switch Roles in console
The link to switch roles is found in the Role Summary.
This setup ensures that White Widget has only the required permissions to assist with the feature, without exposing the wider AWS environment or granting unnecessary access.
Please let us know once this is configured, and we’ll proceed accordingly.
Thank you ~