Visual Policy Editor Guide for S3 IAM Permissions

This guide explains how to use the AWS visual policy editor to set up S3 bucket permissions for Vendia MCP Server.

Visual Steps (For Read and Write Access)

If you prefer to use the visual policy editor instead of JSON for Option B: Read and Write Access (see Creating Storage Connections), follow these steps:

Important

This policy grants both read and write access to the entire bucket at the IAM level. You can then use Vendia Access Policies to restrict AI agents to specific folders or file types — for example, allowing reads everywhere but limiting writes to designated output directories.

• Under Select a service, select S3 from the drop-down menu to set permissions for S3.

  

• Under Actions allowed, select:

  • ListBucket option under List
  • GetObject option under Read
  • PutObject option under Write

• Click Next.

  

• Under Resources, select Specific and add the ARNs for both the bucket and objects (e.g., arn:aws:s3:::my-s3-bucket and arn:aws:s3:::my-s3-bucket/*).

  

• Click Next and then Save changes.

Return to Creating Storage Connections to continue with the IAM and storage connection setup process.