MithiDocs

S3 access and data retrieval

What permissions do I need to complete the bucket registration with LegacyFlo?

During the registration of a bucket, LegacyFlo needs to confirm that the bucket name and region provided are correct. 

To allow LegacyFlo access to that information, the following policy has to be added to the existing policies during the registration process.

{
    "Version": "2012-10-17",
    "Id": "BucketPolicy",
    "Statement": [
        {
            "Sid": "LegacyfloGetBucketRegionStatement",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::************:root",
                "Service": "apigateway.amazonaws.com"
            },
            "Action": "s3:GetBucketLocation",
            "Resource": "arn:aws:s3:::<CLIENT_BUCKET_NAME>"
        }
    ]
}

NOTES: 

1. The Principal here is the AWS account in which LegacyFlo runs. Please contact the Customer Care team for the details. The access will be via the apigateway service.

2. In the Resource, <CLIENT_BUCKET_NAME> has to be replaced with your bucket name.

The steps to do so are as follows:

  1. Select the bucket from the AWS console
  2. Go to the Permissions tab
  3. Scroll down to Bucket Policy and click Edit
  4. Add the above policy to any existing policies.

IMPORTANT: This policy can be removed after successful registration.
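
Step 4 matters because a bucket holds a single policy document, so saving the policy above on its own would replace statements already in place. The following is an added example (not LegacyFlo or Mithi code) that merges the statement into an existing policy and strips it again after registration; the bucket name, the existing Deny statement and the account ID placeholder are constructed for illustration.

```python
import copy
import json

SID = "LegacyfloGetBucketRegionStatement"  # Sid used in the policy on this page
ACCOUNT_ID = "<LEGACYFLO_ACCOUNT_ID>"  # placeholder: obtain the real value from Customer Care

def legacyflo_statement(bucket, account_id):
    """Build the registration statement from this page for one bucket."""
    return {
        "Sid": SID,
        "Effect": "Allow",
        "Principal": {
            "AWS": f"arn:aws:iam::{account_id}:root",
            "Service": "apigateway.amazonaws.com",
        },
        "Action": "s3:GetBucketLocation",
        "Resource": f"arn:aws:s3:::{bucket}",
    }

def _statements(policy):
    # A policy may carry "Statement" as a single object instead of a list.
    stmts = policy.get("Statement", [])
    return [stmts] if isinstance(stmts, dict) else list(stmts)

def add_registration(policy, bucket, account_id):
    """Return a copy of the existing policy with the statement merged in (idempotent)."""
    merged = copy.deepcopy(policy) if policy else {"Version": "2012-10-17"}
    kept = [s for s in _statements(merged) if s.get("Sid") != SID]
    merged["Statement"] = kept + [legacyflo_statement(bucket, account_id)]
    return merged

def remove_registration(policy):
    """Return the policy without the statement, or None if nothing else remains."""
    cleaned = copy.deepcopy(policy)
    cleaned["Statement"] = [s for s in _statements(cleaned) if s.get("Sid") != SID]
    return cleaned if cleaned["Statement"] else None

# Constructed sample: an existing policy that must survive the merge.
EXISTING = {
    "Version": "2012-10-17",
    "Statement": {
        "Sid": "DenyInsecureTransport", "Effect": "Deny", "Principal": "*",
        "Action": "s3:*", "Resource": "arn:aws:s3:::example-bucket/*",
        "Condition": {"Bool": {"aws:SecureTransport": "false"}},
    },
}

if __name__ == "__main__":
    print(json.dumps(add_registration(EXISTING, "example-bucket", ACCOUNT_ID), indent=4))
```

If remove_registration returns None, no other statements remain, so delete the bucket policy rather than saving one with an empty Statement list.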

How do I grant read access to my S3 bucket to LegacyFlo?

To grant read access to the LegacyFlo application:

  1. Log in to your AWS account
  2. From the AWS interface, choose the S3 bucket
  3. Select the Object which is the data file to be imported.
  4. In Permissions, select Access Control list and Access for other AWS Accounts.
  5. Click on Add Account.
  6. For the email address or canonical ID, specify "support@mithi.com" OR the canonical ID of the LegacyFlo account. Please contact the Customer Care team for the details of the canonical ID.
  7. Enable Read/List Objects
  8. Click on Save

How do I grant write access to my S3 bucket to LegacyFlo?

To grant write access to the LegacyFlo application:

  1. Log in to your AWS account
  2. From the AWS interface, choose the S3 bucket
  3. In Permissions, select Access Control list and Access for other AWS Accounts.
  4. Click on Add Account.
  5. For the email address or canonical ID, specify "support@mithi.com" OR the canonical ID of the LegacyFlo account. Please contact the Customer Care team for the details of the canonical ID.
  6. Enable Write/List Objects
  7. Click on Save

Can I revoke the permissions given to LegacyFlo to access my S3 bucket?

Yes, after the migration is over you can revoke the access.

How do I download files from an S3 bucket using the AWS console?

Refer to the Amazon S3 Console User Guide for the steps.

How do I download files created by LegacyFlo in my S3 bucket?

When you give LegacyFlo access to the S3 bucket to upload files, you may not be able to download those files until you disable the ACL which allows LegacyFlo access to the bucket. The steps to do so are given below.

Note: The ACLs have to be restored if more LegacyFlo requests are to be executed.

1. Go to the S3 bucket Permissions tab and edit the ACL.

2. Remove the Access for other AWS Accounts and save it.

3. Go to the bucket Permissions tab, select Edit Object Ownership, choose ACLs disabled and click Save Changes.

4. You can now download the S3 objects.