fix code samples [netlify-ignore]

markzegarelli · markzegarelli · commit 3bbe32450d85 · 2021-03-31T11:21:28.000-07:00
diff --git a/src/connections/data-residency.md b/src/connections/data-residency.md
@@ -67,72 +67,48 @@ To begin with Local Data Storage, complete the following steps in your AWS accou
     Segment requires this access to write raw data to your regionally hosted S3 bucket. Specifically, this allows Segment (as the Segment S3-copy user) to use `s3:PutObject`. To enable encryption at rest, use the default S3 mechanism. If you have server-side encryption enabled with AWS KMS managed keys, see the additional [required configuration step](/docs/connections/storage/catalog/amazon-s3/#encryption). To edit the bucket policy, right-click the bucket name in the AWS management console, and select **Edit policy**.
 
 4. Create a new IAM role in your AWS account with a trust relationship to the role which allows Segment to use the Segment `workspace_id` as `externalID`.
+5. Attach this IAM policy to the role defined in Step 4.
   ```json
-  {
-    "Version": "2012-10-17",
-    "Statement": [
-      {
-        "Sid": "",
-        "Effect": "Allow",
-        "Principal": {
-          "AWS": [
-            "arn:aws:iam::595280932656:role/segment-regional-archives-production-access"
+    {
+      "Version": "2012-10-17",
+      "Statement": [
+        {
+          "Sid": "ListObjectsInBucket",
+          "Effect": "Allow",
+          "Action": "s3:ListBucket",
+          "Resource": [
+            "arn:aws:s3:::YOUR_BUCKET_NAME"
           ]
         },
-        "Action": "sts:AssumeRole",
-        "Condition": {
-          "StringEquals": {
-            "sts:ExternalId": [
-              "YOUR_WORKSPACE_ID"
-            ]
-          }
+        {
+          "Sid": "AllObjectActions",
+          "Effect": "Allow",
+          "Action": "s3:*Object*",
+          "Resource": [
+            "arn:aws:s3:::YOUR_BUCKET_NAME/*",
+          ]
         }
-      }
-    ]
-  }
-  ```
-5. Attach this IAM policy to the role defined in Step 4.
-  ```json
-  {
-    "Version": "2012-10-17",
-    "Statement": [
-      {
-        "Sid": "ListObjectsInBucket",
-        "Effect": "Allow",
-        "Action": "s3:ListBucket",
-        "Resource": [
-          "arn:aws:s3:::YOUR_BUCKET_NAME"
-        ]
-      },
-      {
-        "Sid": "AllObjectActions",
-        "Effect": "Allow",
-        "Action": "s3:*Object*",
-        "Resource": [
-          "arn:aws:s3:::YOUR_BUCKET_NAME/*",
-        ]
-      }
-    ]
-  }
+      ]
+    }
   ```
   This access allows Segment to run local deletions jobs from regionally hosted data for a given user ID.
 
 6. If you are using KMS encryption on your S3 bucket, add the following policy to the IAM role:
   ```json
-  {
-    "Version": "2012-10-17",
-    "Statement": [
-      {
-          "Sid": "AllowKMS",
-          "Effect": "Allow",
-          "Action": [
-            "kms:GenerateDataKey",
-            "kms:Decrypt"
-          ],
-          "Resource": "$YOUR_KEY_ARN"
-      }
-    ]
-  }
+    {
+      "Version": "2012-10-17",
+      "Statement": [
+        {
+            "Sid": "AllowKMS",
+            "Effect": "Allow",
+            "Action": [
+              "kms:GenerateDataKey",
+              "kms:Decrypt"
+            ],
+            "Resource": "$YOUR_KEY_ARN"
+        }
+      ]
+    }
   ```
 
 ### Local Data Storage configuration
