chartmuseum: Unable to start docker image
I believe that more details about how the tool works are needed:
1. What is the basic set of IAM permissions needed to work with this?
2. Will the tool work with aws profiles (as per the existing example mounting ~/.aws in the docker image)?
3. How is the bucket accessed? Is the data replicated and then served?
Example that didn’t work for me, but worked for calling the API: policy attached to the assumed role:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:Get*",
        "s3:List*"
      ],
      "Resource": "arn:aws:s3:::*"
    }
  ]
}
~/.aws/config contains:
[profile default]
role_arn = arn:aws:iam::00redacted000:role/ReadCharts
source_profile = default
~/.aws/credentials contains the standard credentials set.
command used: docker run -p 8080:8080 -v ~/.aws:/root/.aws:ro chartmuseum/chartmuseum:latest --debug --port=8080 --storage="amazon" --storage-amazon-bucket="mycompany-helmcharts" --storage-amazon-prefix="" --storage-amazon-region="eu-central-1"
error:
2017-10-05T09:45:33.255Z DEBUG chartmuseum/server.go:166 Acquiring storage cache lock
2017-10-05T09:45:33.255Z DEBUG chartmuseum/server.go:168 Storage cache lock acquired
2017-10-05T09:45:33.613Z DEBUG chartmuseum/server.go:170 Releasing storage cache lock
AccessDenied: Access Denied
status code: 403, request id: CxxxxredactedxxxxBA, host id: c1EDzxxxxxxxredactedxxxxxxx7X+e0xxxxxxxxxRlMl8=
About this issue
- State: closed
- Created 7 years ago
- Comments: 15 (15 by maintainers)
Commits related to this issue
- address issues #1 and #2 in readme — committed to helm/chartmuseum by jdolitsky 7 years ago
- update dependencies (#2) Signed-off-by: Josh Dolitsky <jdolitsky@gmail.com> — committed to sapcc/chartmuseum by jdolitsky 6 years ago
Hi, I’m not sure of the best way to assist with this. Get/List should be enough if you’re only using this for GET requests; otherwise you will need write permissions as well.
Can you please try running the binary and see if you get the same result locally? You can also try replacing the -v ~/.aws:/root/.aws:ro with -e AWS_ACCESS_KEY_ID=xxx and -e AWS_SECRET_ACCESS_KEY=xxx and see how that works.
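
Added example (not from the thread or the chartmuseum project): a small check that flags the wildcard grants in the policy posted above and builds a policy scoped to the single bucket, following the comment that read access covers GET requests and write access is needed otherwise. The function names and the exact action names (`s3:ListBucket`, `s3:GetObject`, `s3:PutObject`, `s3:DeleteObject`) are assumptions, not taken from the page.

```python
import json

# Policy as posted in the issue: read actions on every bucket in the account.
ISSUE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["s3:Get*", "s3:List*"], "Resource": "arn:aws:s3:::*"}
    ],
}


def as_list(value):
    """IAM accepts a single item or a list for Statement, Action and Resource."""
    return [value] if isinstance(value, (str, dict)) else list(value)


def broad_grants(policy, bucket):
    """Return (statement index, problem) pairs for Allow statements wider than `bucket`."""
    bucket_arn = f"arn:aws:s3:::{bucket}"
    findings = []
    for i, stmt in enumerate(as_list(policy["Statement"])):
        if stmt.get("Effect") != "Allow":
            continue
        for res in as_list(stmt.get("Resource", [])):
            if res != bucket_arn and not res.startswith(bucket_arn + "/"):
                findings.append((i, f"resource outside bucket: {res}"))
        for act in as_list(stmt.get("Action", [])):
            if "*" in act:
                findings.append((i, f"wildcard action: {act}"))
    return findings


def scoped_policy(bucket, writable=False):
    """Build a policy limited to one bucket (action names are assumptions)."""
    object_actions = ["s3:GetObject"]
    if writable:  # chart uploads and deletes need write access as well
        object_actions += ["s3:PutObject", "s3:DeleteObject"]
    return {
        "Version": "2012-10-17",
        "Statement": [
            # Listing is a bucket-level action; object actions apply to keys.
            {"Effect": "Allow", "Action": ["s3:ListBucket"],
             "Resource": f"arn:aws:s3:::{bucket}"},
            {"Effect": "Allow", "Action": object_actions,
             "Resource": f"arn:aws:s3:::{bucket}/*"},
        ],
    }


if __name__ == "__main__":
    for idx, problem in broad_grants(ISSUE_POLICY, "mycompany-helmcharts"):
        print(f"statement {idx}: {problem}")
    print(json.dumps(scoped_policy("mycompany-helmcharts"), indent=2))
```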