From 72b4c308b470eb0622b66647c1f4a03a679273b2 Mon Sep 17 00:00:00 2001
From: Maximilian Gutwein <maximilian@gutwe.in>
Date: Mon, 21 Oct 2024 21:21:39 +0200
Subject: [PATCH] Add restic S3 Policy

---
 restic-s3.policy | 29 +++++++++++++++++++++++++++++
 1 file changed, 29 insertions(+)
 create mode 100644 restic-s3.policy

diff --git a/restic-s3.policy b/restic-s3.policy
new file mode 100644
index 0000000..5e219f1
--- /dev/null
+++ b/restic-s3.policy
@@ -0,0 +1,29 @@
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Effect": "Allow",
+      "Action": [
+        "s3:PutObject",
+        "s3:GetObject"
+      ],
+      "Resource": [
+        "arn:aws:s3:::<BUCKET>",
+        "arn:aws:s3:::<BUCKET>/*"
+      ]
+    },
+    {
+      "Effect": "Allow",
+      "Action": "s3:DeleteObject",
+      "Resource": "arn:aws:s3:::<BUCKET>/locks/*"
+    },
+    {
+      "Effect": "Allow",
+      "Action": [
+        "s3:ListBucket",
+        "s3:GetBucketLocation"
+      ],
+      "Resource": "arn:aws:s3:::<BUCKET>"
+    }
+  ]
+}