From 3b2ae56475403c55a7c443e298cbb45eff22473d Mon Sep 17 00:00:00 2001
From: Mars Lan <mars.th.lan@gmail.com>
Date: Wed, 9 Oct 2024 14:13:06 -0700
Subject: [PATCH] Update README.md

---
 metaphor/s3/README.md | 24 +++++++++++++++++++++++-
 1 file changed, 23 insertions(+), 1 deletion(-)

diff --git a/metaphor/s3/README.md b/metaphor/s3/README.md
index b78e37b5..6e1afbc8 100644
--- a/metaphor/s3/README.md
+++ b/metaphor/s3/README.md
@@ -4,7 +4,29 @@ This connector extracts technical metadata from a S3 compatible object storage.
 
 ## Setup
 
-You must specify an AWS user credential to access S3 API. You can also specify a role ARN and let the connector assume the role before accessing AWS APIs.
+We recommend creating a dedicated AWS IAM user for the crawler with limited permissions based on the following IAM policy:
+
+```json
+{
+    "Version": "2012-10-17",
+    "Statement":
+    [
+        {
+            "Effect": "Allow",
+            "Action":
+            [
+                "s3:GetObject",
+                "s3:ListBucket"
+            ],
+            "Resource":
+            [
+                "arn:aws:s3:::<bucket>",
+                "arn:aws:s3:::<bucket>/*"
+            ]
+        }
+    ]
+}
+```
 
 ## Config File