Update the recommended s3 policy in s3 offload media (#8731)

* Update 07-wordpress-s3.md * adds updated screenshot for new policy and note regarding listing buckets for plugin * adds cleaner screenshot * deleting unused png --------- Co-authored-by: Miriam Goldman <miriamgoldman@pantheon.io> Co-authored-by: Steve Persch <steve.persch@pantheon.io>
pantheon-systems · Jun 14, 2024 · c2f19b9 · c2f19b9
1 parent d3e6a9e
commit c2f19b9
Show file tree

Hide file tree

Showing 3 changed files with 12 additions and 10 deletions.
diff --git a/source/content/guides/wordpress-developer/07-wordpress-s3.md b/source/content/guides/wordpress-developer/07-wordpress-s3.md
@@ -75,31 +75,33 @@ You must configure the service within your [AWS Management Console](https://cons
      "Version": "2012-10-17",
      "Statement": [
        {
-         "Sid": "ObjectLevel",
+         "Sid": "VisualEditor0",
          "Effect": "Allow",
          "Action": [
-           "s3:PutObject",
-           "s3:GetObject",
-           "s3:DeleteObject"
+				"s3:PutObject",
+				"s3:GetObject",
+				"s3:DeleteObject",
+				"s3:PutObjectAcl"
          ],
          "Resource": "arn:aws:s3:::bucketname/*"
        },
        {
          "Sid": "BucketLevel",
          "Effect": "Allow",
          "Action": [
-           "s3:GetBucketPublicAccessBlock",
-           "s3:GetBucketOwnershipControls",
-           "s3:ListBucket",
-           "s3:GetBucketLocation"
+				"s3:GetBucketPublicAccessBlock",
+				"s3:PutBucketPublicAccessBlock",
+				"s3:PutBucketOwnershipControls",
+				"s3:GetBucketOwnershipControls",
+				"s3:GetBucketLocation"
          ],
          "Resource": "arn:aws:s3:::bucketname"
        }
      ]
    }
    ```
 
-   ![Create AWS S3 access step 2](../../../images/guides/s3-access2.png)
+   ![Create AWS S3 access step 2](../../../images/guides/s3-access2-updated.png)
 
 1. Enter your policy name in the **Policy name** field (for example, Pantheons3Access) and then click **Create Policy**.
 
@@ -117,7 +119,7 @@ You must configure the service within your [AWS Management Console](https://cons
 
    <Alert title="Note" type="info">
 
-   Steps 1-3 create a custom AWS User policy with read and write permissions to the specific bucket assigned to your site. You can select the **AmazonS3FullAccess** policy to replace the custom policy that you created if you require higher permissions.
+   Steps 1-3 create a custom AWS User policy with read and write permissions to the specific bucket assigned to your site. You can select the **AmazonS3FullAccess** policy to replace the custom policy that you created if you require higher permissions (example: listing buckets in the WP Offload Media plugin).
 
    </Alert>
 

diff --git a/source/images/guides/s3-access2-updated.png b/source/images/guides/s3-access2-updated.png
diff --git a/source/images/guides/s3-access2.png b/source/images/guides/s3-access2.png