1. Create a dedicated AWS User whose credentials will be used in AVflow
Go to: https://console.aws.amazon.com/iam/home
Select Users menu item from the left navigation
Select Add user create a dedicated user for AVflow,
Select Programmatically access
Select Next tag
Select Next : Review
Then select Create user
The new user is created now. Just download the credential as you will need it to allow AVflow to access your AWS resource.
2. Specify the permissions for the created User and restrict access to the target bucket only.
Go back to https://console.aws.amazon.com/iam/home and select Users from left navigation
Select newly created user.
Select Add inline policy
Select tab JSON
Edit the JSON as below example to allow the current user to have all access to your S3 bucket (In this example named "my-bucket").
Select "Review policy", add policy name then select Create policy
All the settings to allow AVflow to access to S3 bucket are done now. Just make sure that the bucket specified in the policy is an existing and valid one.
Your credentials are encrypted and private, even AVflow's team has no access to them.
The access to "arn:aws:s3:::ffmpeg-transcode-prod" resource is allow system copy the result from AVflow bucket named "ffmpeg-transcode-prod" to your bucket.