From 14796b734d19acea2b1c41108c9cb7f840f5a4b0 Mon Sep 17 00:00:00 2001
From: chrisRedwine
Date: Mon, 16 Sep 2024 22:26:08 -0500
Subject: [PATCH] chore(docs): Add notes about when S3 PutObjectTagging permission is needed for the IAM policy
Signed-off-by: chrisRedwine
---
 README.md | 6 ++++--
 backupstoragelocation.md | 3 ++-
 2 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/README.md b/README.md
index 17a2c4c..be52fbc 100644
--- a/README.md
+++ b/README.md
@@ -76,7 +76,8 @@ For more information, see [the AWS documentation on IAM users][10].
 If you'll be using Velero to backup multiple clusters with multiple S3 buckets, it may be desirable to create a unique username per cluster rather than the default `velero`.
-2. Attach policies to give `velero` the necessary permissions:
+2. Attach policies to give `velero` the necessary permissions (note that `s3:PutObjectTagging` is only needed
+ if you make use of the `config.tagging` field in the `BackupStorageLocation` spec):
 ```
 cat > velero-policy.json <
diff --git a/backupstoragelocation.md b/backupstoragelocation.md
index 1dbcfcb..23ad1f9 100644
--- a/backupstoragelocation.md
+++ b/backupstoragelocation.md
@@ -112,7 +112,8 @@ spec:
 enableSharedConfig: "true"
 # Tags that need to be placed on AWS S3 objects.
- # For example "Key1=Value1&Key2=Value2"
+ # For example, "Key1=Value1&Key2=Value2".
+ # This requires the IAM policy to have the "s3:PutObjectTagging" permission on the S3 bucket.
 #
 # Optional (defaults to empty "")
 tagging: ""