Paperplane Docs
  • Welcome to Paperplane
  • Quickstart
  • Setting up an S3 bucket
  • Destinations & API keys
  • API reference
  • Customizing the PDF
  • Webhooks
  • Restricting AWS permissions
  • Guide: Header and footer templates
  • Guide: Styling documents for PDF and printing
  • Guide: Development workflow tips
  • Guide: Securing access to HTML documents
  • Guide: Serving PDFs to users from Amazon S3
  • Code samples
  • Rendering environment info
  • Legacy Docs
    • Setting up an S3 bucket (Legacy API Keys)
Powered by GitBook
On this page

Restricting AWS permissions

Learn how to lock down permissions so that Paperplane can only access certain S3 buckets.

In the quickstart guide, we recommended adding the "AmazonS3FullAccess" policy to your AWS user as a way of getting started quickly.

However, it's a good practice to be more restrictive in the permissions you grant to Paperplane. You can do this by using a custom policy.

This is an example of a custom policy which restricts access to one S3 bucket, giving Paperplane the minimum set of required permissions:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "PaperplanePermissions",
            "Effect": "Allow",
            "Action": [
                "s3:PutObject"
            ],
            "Resource": [
                "arn:aws:s3:::myapp-bucket-name/*"
            ]
        }
    ]
}

Remember to change myapp-bucket-name to the name of your S3 bucket.

You can grant access to multiple buckets by adding more entries to the "Resource" array in the policy.

To create the custom policy, go to "Policies" within the IAM section of the AWS dashboard. Click "Create Policy" and paste the example policy above into the editor in the "JSON" tab. Alternatively you can use the visual policy builder.

Once the policy is saved, edit the Paperplane AWS user to associate it with the policy, either directly or via a group.

PreviousWebhooksNextGuide: Header and footer templates

Last updated 5 years ago