Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 3 Current »

There are many ways to use AWS S3, but for this simple example, you’ll just need to create two resources: IAM User and S3 Bucket.

Creating an IAM User

Navigate to the IAM service using the AWS web console.

On the left, click Users.

2024-07-15_16-40.png

Here, you can see any existing IAM Users for your AWS account.

Click Create User.

2024-07-15_16-40_1.png

Give your IAM User a name. I typically match the name closely to the bucket I plan to give it access to.

2024-07-15_16-41.png

Since we cannot use groups in the bucket policy we’ll be creating later, we can select the option to Attach policies directly.

2024-07-15_17-00.png

On the next screen, I like to tag my resources with some common value. For this example, I’ll use project: myproject. Then click Create user.

2024-07-15_17-02_1.png

Next, we need to create access keys for this user.

2024-07-15_16-45.png

Select the Security credentials tab.

2024-07-15_16-45_1.png

Scroll down and click Create access key.

2024-07-15_16-46.png

Select Other for the type of key, we just want a plain access key.

2024-07-15_16-46_1.png

On this next page, make sure to copy down the Access key and the Secret access key to a secure location such as a password manager. After this page, you can no longer see the secret key. When you have them, click Done.

2024-07-15_16-48.png

The last piece of information you’ll need is the ARN (Amazon Resource Name) of the IAM User.

2024-07-15_16-52.png

Creating an S3 Bucket

Now that your IAM User is created and configured, we can create an S3 bucket and attach a policy that allows that user to read/write all data in the bucket.

From the service catalog, select S3.

You’ll see a listing of all your buckets. Click Create bucket.

2024-07-15_16-35.png

Give the bucket a name that conforms to the naming policy they mention next to the field. I’ll use uomyproject.

2024-07-15_16-36.png

Leave all the other settings as defaults. I chose to add the project: myproject tag to this bucket as well.

2024-07-15_16-37_2.png

Once your bucket is created, you’ll be back at the S3 bucket list. Click on your new bucket to configure it.

2024-07-15_16-38_1.png

We need to add the IAM user to the bucket policy. Click the Permissions tab.

2024-07-15_16-39.png

Scroll down to the Bucket policy section and click Edit.

2024-07-15_16-39_1.png

This is the policy for my bucket. You’ll need to change a few elements in this policy:

  • The AWS field needs to be your IAM User ARN you copied earlier

  • The two Resource entries should use your Bucket name

You can see for this example, my IAM User ARN is arn:aws:iam::492329369658:user/uomyprojects3user and my Bucket name is uomyproject.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::492329369658:user/uomyprojects3user"
            },
            "Action": "s3:*",
            "Resource": [
                "arn:aws:s3:::uomyproject",
                "arn:aws:s3:::uomyproject/*"
            ]
        }
    ]
}

Save the policy.

Accessing your S3 Bucket

See Accessing your S3 files on how to easily access your S3 bucket files.

See Mounting your S3 Bucket to your filesystem on how to mount your S3 bucket to your filesystem.

  • No labels