Configure policies for AWS services

Use Privacera Access Management to configure resource-based services and add access policies to them.

In the Privacera Portal home page, go to the left navigation, and then click Launch Pad.
Click AWS Cli and follow the prompts. For more information about AWS CLi, see ???.

In the terminal prompt, enable the proxy.
```
~/privacera_aws.sh --enable-proxy
```

In the terminal prompt, list the contents of test-bucket. (${test-bucket}) is mentioned as an example across the document. You can change the bucket name as per your choice.
```
aws s3 ls s3://test-bucket
```
In the terminal prompt, copy a local file to test-bucket.
```
aws s3 cp srcFile.txt s3://test-bucket/dstFile.txt
```
It will show the following result: upload failed: ./srcFile.txt to s3://test-bucket/dstFile.txt An error occurred (403) when calling the PutObject operation: Forbidden. This indicates that the current user doesn’t have permission to perform this operation.

Create a policy to allow the user access to test-bucket for READ and WRITE operations.

In the Privacera Portal home page, go to the left navigation, and click Access Management > Resource Policies.
In the Resource Policies page, click privacera_s3.
Click Add New Policy.
Enter the following policy details in the fields:
- Policy Name: s3_test_policy
- Bucket Name: test-bucket (S3 Bucket Name)
- Object Path: * (File/Directory/Object Path Inside Bucket)
- In the Allow Conditions section, select:
  - In the Select User dropdown, select a username to which you want to grant access
  - In the Permissions section, click Add Permission, and select read, metadata read, write, and metadata write.
Click Save.

In the terminal prompt, copy the local file to test-bucket.
```
aws s3 cp srcFile.txt s3://test-bucket/dstFile.txt
```
Verify that the copy was successful.
```
aws s3 ls s3://test-bucket/
```

Privacera Platform