Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 2 Next »

There are many ways to use AWS S3, but for this simple example, you’ll just need to create two resources: IAM User and S3 Bucket.

Creating an IAM User

Navigate to the IAM service using the AWS web console.

On the left, click Users.

2024-07-15_16-40.png

Here, you can see any existing IAM Users for your AWS account.

Click Create User.

2024-07-15_16-40_1.png

Give your IAM User a name. I typically match the name closely to the bucket I plan to give it access to.

2024-07-15_16-41.png

Since we cannot use groups in the bucket policy we’ll be creating later, we can select the option to Attach policies directly.

2024-07-15_17-00.png

On the next screen, I like to tag my resources with some common value. For this example, I’ll use project: myproject. Then click Create user.

2024-07-15_17-02_1.png

Next, we need to create access keys for this user.

2024-07-15_16-45.png

Select the Security credentials tab.

2024-07-15_16-45_1.png

Scroll down and click Create access key.

2024-07-15_16-46.png

Select Other for the type of key, we just want a plain access key.

2024-07-15_16-46_1.png

On this next page, make sure to copy down the Access key and the Secret access key to a secure location such as a password manager. After this page, you can no longer see the secret key. When you have them, click Done.

2024-07-15_16-48.png

The last piece of information you’ll need is the ARN (Amazon Resource Name) of the IAM User.

2024-07-15_16-52.png

Creating an S3 Bucket

Now that your IAM User is created and configured, we can create an S3 bucket and attach a policy that allows that user to read/write all data in the bucket.

From the service catalog, select S3.

You’ll see a listing of all your buckets. Click Create bucket.

2024-07-15_16-35.png

Give the bucket a name that conforms to the naming policy they mention next to the field. I’ll use uomyproject.

2024-07-15_16-36.png

Leave all the other settings as defaults. I chose to add the project: myproject tag to this bucket as well.

2024-07-15_16-37_2.png

Once your bucket is created, you’ll be back at the S3 bucket list. Click on your new bucket to configure it.

2024-07-15_16-38_1.png

We need to add the IAM user to the bucket policy. Click the Permissions tab.

2024-07-15_16-39.png

Scroll down to the Bucket policy section and click Edit.

2024-07-15_16-39_1.png

This is the policy for my bucket. You’ll need to change a few elements in this policy:

  • The AWS field needs to be your IAM User ARN you copied earlier

  • The two Resource entries should use your Bucket name

You can see for this example, my IAM User ARN is arn:aws:iam::492329369658:user/uomyprojects3user and my Bucket name is uomyproject.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::492329369658:user/uomyprojects3user"
            },
            "Action": "s3:*",
            "Resource": [
                "arn:aws:s3:::uomyproject",
                "arn:aws:s3:::uomyproject/*"
            ]
        }
    ]
}

Save the policy.

Accessing your S3 Bucket

See [link here] on how to easily access your S3 bucket files.

See [link here] on how to mount your S3 bucket to your filesystem.

  • No labels