IAM Roles
You'll need to create two IAM roles: one for tg-app instances and one for tg-bot instances. Each role is assigned to the corresponding launched instances and gives them the necessary access rights.
You can manage IAM Roles from the Roles page of the AWS IAM console at
Create a role named tg-app and assign the following policy to it:
Replace YOUR_MEDIA_S3_BUCKET and YOUR_USER_FILES_S3_BUCKET below with the names of the buckets you created earlier.
If you are using an AWS Key Management Service key for encrypting objects in the S3 buckets, replace YOUR_KMS_KEY_ARN below with the key's ARN.
If you are not using encryption, or are using Amazon S3-managed keys, remove the entire section of the policy that grants permissions for kms actions.
Create a role named tg-bot and assign the following policy to it:
Replace YOUR_MEDIA_S3_BUCKET and YOUR_USER_FILES_S3_BUCKET below with the names of the buckets you created earlier.
If you are using an AWS Key Management Service key for encrypting objects in the S3 buckets, replace YOUR_KMS_KEY_ARN below with the key's ARN.
If you are not using encryption, or are using Amazon S3-managed keys, remove the entire section of the policy that grants permissions for kms actions.
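The placeholder and KMS steps for both the tg-app and tg-bot policies can be applied and checked before the JSON is pasted into the IAM console. This is an added example, not the project's own code: `SAMPLE_TEMPLATE` is a constructed stand-in (the real policies are not reproduced here), and `render_policy` with its two regular expressions is a hypothetical helper.

```python
import json
import re

# Constructed stand-in: the page's real tg-app / tg-bot policies are not shown
# here. Only the three YOUR_* placeholder names come from the page.
SAMPLE_TEMPLATE = """{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Action": ["s3:GetObject", "s3:PutObject"],
     "Resource": ["arn:aws:s3:::YOUR_MEDIA_S3_BUCKET/*",
                  "arn:aws:s3:::YOUR_USER_FILES_S3_BUCKET/*"]},
    {"Effect": "Allow", "Action": ["kms:Decrypt", "kms:GenerateDataKey"],
     "Resource": "YOUR_KMS_KEY_ARN"}
  ]
}"""

# Assumed validation patterns (not from the page): S3 bucket naming and KMS key ARN shape.
BUCKET_RE = re.compile(r"[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]")
KMS_ARN_RE = re.compile(r"arn:aws[a-z-]*:kms:[a-z0-9-]+:\d{12}:key/[A-Za-z0-9-]+")


def _as_list(value):
    return value if isinstance(value, list) else [value]


def render_policy(template, media_bucket, user_files_bucket, kms_key_arn=None):
    """Fill the YOUR_* placeholders; drop kms statements when no KMS key is used."""
    for bucket in (media_bucket, user_files_bucket):
        if not BUCKET_RE.fullmatch(bucket):
            raise ValueError(f"not a valid S3 bucket name: {bucket!r}")
    if kms_key_arn is not None and not KMS_ARN_RE.fullmatch(kms_key_arn):
        raise ValueError(f"not a KMS key ARN: {kms_key_arn!r}")
    policy = json.loads(template)
    if kms_key_arn is None:
        # No encryption or S3-managed keys: remove every statement granting kms actions.
        policy["Statement"] = [
            s for s in policy["Statement"]
            if not any(a.lower().startswith("kms:") for a in _as_list(s.get("Action", [])))
        ]
    text = json.dumps(policy, indent=2)
    for name, value in (("YOUR_MEDIA_S3_BUCKET", media_bucket),
                        ("YOUR_USER_FILES_S3_BUCKET", user_files_bucket),
                        ("YOUR_KMS_KEY_ARN", kms_key_arn or "")):
        text = text.replace(name, value)
    if "YOUR_" in text:
        raise ValueError("policy still contains an unreplaced YOUR_* placeholder")
    return json.loads(text)
```

Rejecting the literal placeholder names as bucket values catches the common mistake of attaching a policy whose resources were never filled in.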