From 50c54ab76fee50a09a27f8cf7ef2277d96c474cf Mon Sep 17 00:00:00 2001
From: Vlad Ionescu
Date: Tue, 12 Nov 2019 17:11:05 +0200
Subject: [PATCH] Fix IAM Permissions example

The previous IAM example was incomplete and half a day was spent trying to find the minimal IAM policy required. Changed the _Read and Write_ IAM example to a minimally-scoped IAM Policy, with multiple repositories per bucket example.
---
 README.md | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)

diff --git a/README.md b/README.md
index ad671bd1..05db6c4f 100644
--- a/README.md
+++ b/README.md
@@ -74,17 +74,25 @@ for a CI that builds and pushes charts to your repository.
 "Version": "2012-10-17",
 "Statement": [
 {
+ "Sid": "files",
 "Effect": "Allow",
 "Action": [
- "s3:ListBucket",
- "s3:GetObject",
+ "s3:PutObjectAcl",
 "s3:PutObject",
+ "s3:GetObjectAcl",
+ "s3:GetObject",
 "s3:DeleteObject"
 ],
 "Resource": [
- "arn:aws:s3:::bucket-name",
- "arn:aws:s3:::bucket-name/*"
+ "arn:aws:s3:::bucket-name/repository-name/*",
+ "arn:aws:s3:::bucket-name/repository-name"
 ]
+ },
+ {
+ "Sid": "bucket",
+ "Effect": "Allow",
+ "Action": "s3:ListBucket",
+ "Resource": "arn:aws:s3:::bucket-name"
 }
 ]
 }
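Review bot: The new `bucket` statement grants `s3:ListBucket` on `arn:aws:s3:::bucket-name` with no condition, so an identity whose object access is scoped to `repository-name/*` can still enumerate the keys of every other repository sharing the bucket. For the multiple-repositories-per-bucket layout the description aims at, that statement could carry `"Condition": {"StringLike": {"s3:prefix": "repository-name/*"}}`, provided the client's list requests always send a prefix under the repository path, which should be confirmed before publishing it as the minimal policy. In the `files` statement, `s3:PutObjectAcl` lets the CI identity change object ACLs, including to a public one. The README text next to the example should say when that action and `s3:GetObjectAcl` are actually required, so readers who never set ACLs can drop them. The second resource, `arn:aws:s3:::bucket-name/repository-name`, matches only an object with exactly that key, and a short sentence explaining why it is listed would help.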