Authorizing Loco to access your AWS resources

This page applies to S3 deployment and SNS notifications.

Both features are in beta and require an invite.

Automated services that access your AWS resources require that we store access credentials on our servers. There are two ways to do this.

1. IAM Users - stored access credentials
2. IAM Roles - short lived session authorization

See Amazon's IAM documentation.

IAM Users

• From the AWS console, navigate to IAM > Access Management > Users.
• Set up a user with only the minimum privileges required.
• Generate an access key from the user's Security credentials tab.
• Enter the key and secret into the Loco interface.

IAM Roles

This is currently in development.

Required permissions

When setting up a user (or role) you will have to use the AWS permission policy editor. Specify only the minimum permissions Loco needs to do its job.

• S3 deployment
  s3:PutObject and s3:PutAcl are required to deploy files.
  s3:ListBucket is required to verify that a bucket exists.
  We recommend the bucket you use for your Loco translation files is not used for anything else.

• SNS notification
  SNS:Publish is required to notify a topic. Loco doesn't need to manage the topic, or its subscriptions.