How to Send Reports via AWS S3 – Podscribe

Podscribe lets you choose how and where your reports are delivered — whether to your inbox or directly to your AWS S3 bucket for secure, automated access.

Overview

When generating a report in Podscribe, you’ll see a new option, “Send via AWS S3.”

Selecting this allows you to define your own S3 bucket where Podscribe will upload your report files.

This is useful if:

You want all your reports stored in one secure, cloud-accessible folder for easy retrieval and sharing.

You need automated delivery of reports for integration with analytics tools.

You value advanced security and access controls.

Once configured, every report you generate will automatically be delivered to your S3 bucket.

Configuration Options

There are two ways to authorize Podscribe to send reports to your S3 bucket:

Option 1: IAM Role (Recommended) – Secure and uses no static credentials.

Option 2: IAM User + Access Keys – Easier, but less secure. Use only if you can’t create roles.

Option 1: IAM Role (Recommended)

Step 1: Create an S3 Bucket

If you don’t already have one:

aws s3api create-bucket --bucket <your-bucket-name> --region <region> \
  --create-bucket-configuration LocationConstraint=<region>

Step 2: Enable Bucket Ownership Enforcement

Prevents ownership and ACL issues.

aws s3api put-bucket-ownership-controls --bucket <your-bucket-name> \
  --ownership-controls 'Rules=[{ObjectOwnership=BucketOwnerEnforced}]'

Step 3: Create an IAM Role for Podscribe

Important: For security reasons, the IAM role name must match this pattern:

arn:aws:iam::*:role/podscribe-report-upload-*

Save this as trust-policy.json.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": { "AWS": "arn:aws:iam::484618524793:role/podscribe-s3-uploader" },
      "Action": "sts:AssumeRole"
    }
  ]
}

Create the role:

aws iam create-role \
  --role-name podscribe-report-upload-my-role \
  --assume-role-policy-document file://trust-policy.json

Step 4: Attach a Permissions Policy to the Role

Replace <your-bucket-name> below with your bucket name:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:PutObject"
      ],
      "Resource": [
        "arn:aws:s3:::<your-bucket-name>",
        "arn:aws:s3:::<your-bucket-name>/*"
      ]
    }
  ]
}

Attach it:

aws iam put-role-policy \
  --role-name podscribe-report-upload-my-role \
  --policy-name PodscribeS3UploadPolicy \
  --policy-document file://s3-upload-policy.json

Step 5: Specify the following in “Send via AWS S3” of “Generate Report” modal

Bucket Name: <your-bucket-name>

Role ARN: arn:aws:iam::<your-account-id>:role/podscribe-report-upload-my-role

👉 That’s it! Podscribe will securely assume this role and upload reports directly to your S3.

Option 2: IAM User + Access Keys

Use this only if you cannot create a role.

Create an IAM User (named e.g. PodscribeUploader):

aws iam create-user --user-name PodscribeUploader

Attach a permissions policy to the user (replace <your-bucket-name>):

Save as s3-user-policy.json:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:PutObject"
      ],
      "Resource": [
        "arn:aws:s3:::<your-bucket-name>",
        "arn:aws:s3:::<your-bucket-name>/*"
      ]
    }
  ]
}

Attach it:

aws iam put-user-policy \
  --user-name PodscribeUploader \
  --policy-name PodscribeS3UploadPolicy \
  --policy-document file://s3-user-policy.json

Create access keys for the IAM user:

aws iam create-access-key --user-name PodscribeUploader

This will return:

{
  "AccessKey": {
    "AccessKeyId": "AKIA...",
    "SecretAccessKey": "abcd..."
  }
}

Specify the following in “Send via AWS S3” of “Generate Report” modal

Access Key ID

Secret Access Key

Bucket name

👉 We’ll configure our uploader with these credentials.

⚠️ Remember: Rotate and revoke these keys periodically to keep them secure.

Which Option Should I Choose?

Option	Security	Complexity	Recommended Use
IAM Role	✅ Highest	Moderate	Default / Preferred
IAM User + Keys	⚠️ Lower	Easier	Only if you can’t create roles

Where to Configure in Podscribe?

Once your bucket or keys are set up:

Go to Generate Report.

Click “Send via AWS S3.”

Enter your Role ARN or Access Keys and Bucket Name.

Save your settings.

Generate your report — it will automatically be uploaded to your S3 bucket.

Need help?

If you have any questions or need assistance setting up your S3 connection, reach out to us anytime at adops@podscribe.com.