This repository was archived by the owner on May 5, 2025. It is now read-only.

Commit b3b1dc5

Clarify ARN requirements for AWS S3 source (#121)
1 parent 21d5f8c commit b3b1dc5

1 file changed

+12
-8
lines changed

docs/sources/awss3.md

Lines changed: 12 additions & 8 deletions
@@ -14,13 +14,17 @@ bucket][s3-create].
1414

1515
A fully qualified ARN is required to uniquely identify the Amazon S3 bucket.
1616

17-
The ARN displayed in the AWS Console has the format `arn:aws:s3:::{bucketName}`. This ARN unfortunately lacks two
18-
essential informations: the [AWS region][aws-region] and the [account ID][aws-acc-id], which must both be included into
19-
the ARN by using the more complete format below:
17+
!!! warning
18+
The ARN displayed in the AWS Console, which has the format `arn:aws:s3:::{bucket_name}`, lacks some essential
19+
information: the [AWS region][aws-region] and the [account ID][aws-acc-id]. Both must be included in the ARN by
20+
using the more complete format below:
2021

21-
```
22-
arn:aws:s3:{awsRegion}:{awsAccountId}:{bucketName}
23-
```
22+
```
23+
arn:aws:s3:{aws_region}:{aws_account_id}:{bucket_name}
24+
```
25+
26+
Without the region and account ID, this event source would be unable to set an accurate identity-based access policy
27+
on the SQS queue described in the [SQS Queue](#sqs-queue-optional) section of this document.
2428

2529
![S3 Bucket ARN](../images/awss3-source/arn-region-1.png)
2630
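Review bot: at new lines 26-27, "identity-based access policy on the SQS queue" uses the wrong AWS term. In IAM, identity-based policies attach to users, groups or roles; a policy set on the queue itself is a resource-based policy (the SQS queue access policy). Suggest "an accurate resource-based access policy on the SQS queue". It would also help to state in the warning that `arn:aws:s3:{aws_region}:{aws_account_id}:{bucket_name}` is the form this event source expects as input, since AWS itself identifies buckets with the console form `arn:aws:s3:::{bucket_name}` and readers may otherwise reuse the extended form elsewhere.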

@@ -97,8 +101,8 @@ for you (see next section for more information):
97101
The TriggerMesh event source for Amazon S3 configures the S3 bucket to send [event notifications][s3-dest] to an [Amazon
98102
SQS queue][sqs-docs].
99103

100-
By default, the source creates and manages a SQS queue for that purpose on behalf of the user. A policy is set on that
101-
SQS queue to only accept messages originating from the configured S3 bucket.
104+
By default, the source creates and manages a SQS queue for that purpose on behalf of the user. An identity-based policy
105+
is set on that SQS queue to only accept messages originating from the configured S3 bucket.
102106

103107
Alternatively, in case you prefer not to delegate this responsibility to the event source, it is possible to provide
104108
your own SQS queue as an event destination. In this scenario, it is your own responsibility to configure the queue
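Review bot: at new lines 104-105, "An identity-based policy is set on that SQS queue" repeats the terminology problem from the first hunk: a policy attached to a queue is resource-based, not identity-based, so "A resource-based policy is set on that SQS queue" would be accurate. The sentence also does not say what the policy matches on. The first hunk states that the region and account ID are needed to set it, and the following paragraph makes users who bring their own queue responsible for configuring it, so consider spelling out which attributes of the bucket the managed policy restricts on, so that those users can apply an equivalent restriction instead of leaving the queue open to other senders.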
