From 64aa488f4ab75849116a563226421daedb9889b1 Mon Sep 17 00:00:00 2001 From: Sam Tavakoli Date: Fri, 26 Mar 2021 12:06:00 +0000 Subject: [PATCH] Add IAM role S3 bucket policy example to documentation Quick overview for what permissions are required by the controller. Signed-off-by: Sam Tavakoli --- docs/spec/v1beta1/buckets.md | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/docs/spec/v1beta1/buckets.md b/docs/spec/v1beta1/buckets.md index fc9f566c..5a4468b3 100644 --- a/docs/spec/v1beta1/buckets.md +++ b/docs/spec/v1beta1/buckets.md @@ -204,6 +204,28 @@ spec: > **Note:** that on EKS you have to create an IAM role for the source-controller > service account that grants access to the bucket. +### AWS IAM bucket policy example + +```json +{ + "Version": "2012-10-17", + "Statement": [ + { + "Sid": "", + "Effect": "Allow", + "Action": "s3:GetObject", + "Resource": "arn:aws:s3:::podinfo/*" + }, + { + "Sid": "", + "Effect": "Allow", + "Action": "s3:ListBucket", + "Resource": "arn:aws:s3:::podinfo" + } + ] +} +``` + ## Status examples Successful download:
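Review bot: The heading `### AWS IAM bucket policy example` calls this a bucket policy, but the JSON has no `Principal` element, so it can only work as an identity-based policy attached to the IAM role that the preceding note tells EKS users to create. A reader who pastes it into the bucket's own policy will have it rejected. Suggest renaming the heading to something like "AWS IAM role policy example" and adding one sentence under it saying the policy is attached to the source-controller role and that `podinfo` is the example bucket name to replace. The scoping itself is good: `s3:GetObject` on `arn:aws:s3:::podinfo/*` and `s3:ListBucket` on `arn:aws:s3:::podinfo` are read-only and the object-level and bucket-level ARNs are matched to the right actions. The empty `"Sid": ""` entries carry no information; either drop them or give each statement a descriptive Sid.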