Create sharing policy

Only the Retailer should follow the instructions on this page.

Consortium members need to share the public keys of their client certificates with each other during the setup of the main channel. To facilitate this exchange, the Retailer will now create an S3 bucket and grant read/write access to the other members. Each member will upload their public keys to this bucket and download the other members’ public keys.

First, let’s create the bucket, using the name in $BUCKET_NAME and the region in $AWS_DEFAULT_REGION.

aws s3api create-bucket --bucket $BUCKET_NAME --region $AWS_DEFAULT_REGION

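Then the Retailer should execute the following commands to grant access to this bucket to the other members. The heredoc expands $SUPPLIER_AWS_ID and $BUCKET_NAME when s3access.json is written, so both must be set in the current shell. The policy names the Supplier account's root principal, which lets that account delegate the listed object actions to its own IAM identities, and it covers only the objects in this bucket: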

cd
cat <<EOT > s3access.json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": [
          "arn:aws:iam::$SUPPLIER_AWS_ID:root"
        ]
      },
      "Action": [
        "s3:GetObject",
        "s3:PutObject",
        "s3:PutObjectAcl"
      ],
      "Resource": [
        "arn:aws:s3:::$BUCKET_NAME/*"
      ]
    }
  ]
}
EOT
aws s3api put-bucket-policy --bucket $BUCKET_NAME --policy file://s3access.json
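
A guard for the policy step above, as an added example that is not part of the original workshop: it validates the two values the heredoc expands before writing the same policy document. The function names are hypothetical, and the account ID and bucket name in the usage comment are constructed.

```shell
#!/bin/sh
# Added example: validate the values the page's heredoc expands before
# s3access.json is written.
LC_ALL=C; export LC_ALL   # keep [a-z] ranges ASCII-only

# AWS account IDs are exactly 12 decimal digits.
valid_account_id() {
  case $1 in ''|*[!0-9]*) return 1 ;; esac
  [ "${#1}" -eq 12 ]
}

# Core S3 bucket naming rules: 3-63 characters; lowercase letters, digits,
# dots and hyphens; begins and ends with a letter or digit; no adjacent dots.
valid_bucket_name() {
  case $1 in
    ''|*[!a-z0-9.-]*) return 1 ;;
    [.-]*|*[.-]|*..*) return 1 ;;
  esac
  [ "${#1}" -ge 3 ] && [ "${#1}" -le 63 ]
}

# Write the page's policy to file $3 only if both inputs are well formed.
# An unset variable would otherwise expand to "arn:aws:iam:::root" or
# "arn:aws:s3:::/*", which is not the policy the page intends.
render_policy() {
  valid_account_id "$1" || { echo "bad SUPPLIER_AWS_ID: '$1'" >&2; return 1; }
  valid_bucket_name "$2" || { echo "bad BUCKET_NAME: '$2'" >&2; return 1; }
  cat > "$3" <<EOT
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": { "AWS": [ "arn:aws:iam::$1:root" ] },
      "Action": [ "s3:GetObject", "s3:PutObject", "s3:PutObjectAcl" ],
      "Resource": [ "arn:aws:s3:::$2/*" ]
    }
  ]
}
EOT
}

# Usage (constructed values: 123456789012, consortium-keys-example):
#   render_policy "$SUPPLIER_AWS_ID" "$BUCKET_NAME" s3access.json &&
#     aws s3api put-bucket-policy --bucket "$BUCKET_NAME" --policy file://s3access.json
```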