Host Unifi Video on AWS Part 2 - Create IAM Role

Part 1 of this series outlined the architecture. This part creates the IAM group, user, and policy that the EC2 instance will use to place recorded video in the S3 bucket.

  1. Open the IAM console
  2. Create a group (I named mine ‘unifi’)
  3. Attach a policy to the group. The policy below is an example I built in the visual editor; you can open it up or restrict it to fit your specific needs, as it is not the most restrictive policy possible. Object-level actions such as s3:GetObject and s3:PutObject only match an object ARN (the bucket ARN followed by /*), so the first statement lists both the bucket ARN and the object ARN in Resource. Replace <UNIFI-BUCKET> with the name of your bucket.
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "s3:GetBucketObjectLockConfiguration",
                "s3:PutLifecycleConfiguration",
                "s3:DeleteObject",
                "s3:ListMultipartUploadParts",
                "s3:GetObject",
                "s3:PutObject",
                "s3:PutBucketObjectLockConfiguration",
                "s3:GetLifecycleConfiguration",
                "s3:GetInventoryConfiguration",
                "s3:ListBucket",
                "s3:PutEncryptionConfiguration",
                "s3:GetEncryptionConfiguration",
                "s3:AbortMultipartUpload",
                "s3:GetObjectTagging",
                "s3:ListBucketMultipartUploads",
                "s3:UpdateJobStatus",
                "s3:PutInventoryConfiguration",
                "s3:PutObjectRetention",
                "s3:GetBucketLocation"
            ],
            "Resource": [
                "arn:aws:s3:::<UNIFI-BUCKET>",
                "arn:aws:s3:::<UNIFI-BUCKET>/*"
            ]
        },
        {
            "Sid": "VisualEditor1",
            "Effect": "Allow",
            "Action": [
                "s3:GetAccountPublicAccessBlock",
                "s3:ListAllMyBuckets",
                "s3:ListJobs",
                "s3:CreateJob",
                "s3:HeadBucket"
            ],
            "Resource": "*"
        }
    ]
}
  4. Create a user (it can have the same name as the group or a different one)
    a. Select programmatic access
    b. Assign the user to the group you created in Step 2
    c. Complete the remaining configuration options as you see fit
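Before attaching a policy like the one in Step 3, it is worth checking offline that it grants the camera host what it needs and nothing account-wide by accident. The following is an added example of mine, not code from the original post or from Ubiquiti: it flags object-level actions that have no bucket/* object ARN (they would be denied) and statements whose Resource is "*", and can add the missing object ARNs. SAMPLE_POLICY is a constructed, cut-down copy of the Step 3 policy with a hypothetical bucket name filled in.

```python
from copy import deepcopy

# S3 actions that act on objects need an object ARN (arn:aws:s3:::bucket/*)
# in Resource; a bare bucket ARN does not match them and the call is denied.
OBJECT_LEVEL = {
    "s3:GetObject", "s3:PutObject", "s3:DeleteObject", "s3:GetObjectTagging",
    "s3:PutObjectRetention", "s3:AbortMultipartUpload",
    "s3:ListMultipartUploadParts",
}
# Constructed sample: a cut-down copy of the post's policy with the bucket
# placeholder filled in (the bucket name is hypothetical).
SAMPLE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "VisualEditor0", "Effect": "Allow",
     "Action": ["s3:PutObject", "s3:GetObject", "s3:DeleteObject",
                "s3:ListBucket", "s3:PutLifecycleConfiguration"],
     "Resource": "arn:aws:s3:::unifi-video-example"},
    {"Sid": "VisualEditor1", "Effect": "Allow",
     "Action": ["s3:ListAllMyBuckets", "s3:CreateJob"], "Resource": "*"},
]}

def _as_list(value):
    return [value] if isinstance(value, str) else list(value)

def audit_s3_policy(policy):
    """Return one finding string per problem; an empty list means nothing flagged."""
    findings = []
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", "<no Sid>")
        actions = set(_as_list(stmt.get("Action", [])))
        resources = _as_list(stmt.get("Resource", []))
        if "*" in resources:
            findings.append(f"{sid}: Resource '*' grants {sorted(actions)} account-wide")
        # An object ARN has a key part after the bucket name ("bucket/...").
        covers_objects = any(r == "*" or "/" in r for r in resources)
        if actions & OBJECT_LEVEL and not covers_objects:
            findings.append(f"{sid}: {sorted(actions & OBJECT_LEVEL)} need "
                            "arn:aws:s3:::<bucket>/* in Resource")
    return findings

def add_object_arns(policy):
    """Copy of policy where each bare bucket ARN also gets its bucket/* object ARN."""
    fixed = deepcopy(policy)
    for stmt in fixed.get("Statement", []):
        res = _as_list(stmt.get("Resource", []))
        res += [r + "/*" for r in res if r.startswith("arn:aws:s3:::") and "/" not in r]
        stmt["Resource"] = res
    return fixed
```

Running audit_s3_policy(add_object_arns(SAMPLE_POLICY)) leaves only the Resource "*" finding, which is the one you then decide whether to narrow.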

Create your S3 bucket in Part 3