Creating and Configuring an Amazon AWS S3 Bucket
There are many ways to use AWS S3, but for this simple example, you’ll just need to create two resources: IAM User and S3 Bucket.
Creating an IAM User
Navigate to the IAM service using the AWS web console.
On the left, click Users.
Here, you can see any existing IAM Users for your AWS account.
Click Create User.
Give your IAM User a name. I typically match the name closely to the bucket I plan to give it access to.
Since we cannot use groups in the bucket policy we’ll be creating later, we can select the option to Attach policies directly.
On the next screen, I like to tag my resources with some common value. For this example, I’ll use project: myproject
. Then click Create user.
Next, we need to create access keys for this user.
Select the Security credentials tab.
Scroll down and click Create access key.
Select Other for the type of key, we just want a plain access key.
On this next page, make sure to copy down the Access key and the Secret access key to a secure location such as a password manager. After this page, you can no longer see the secret key. When you have them, click Done.
The last piece of information you’ll need is the ARN (Amazon Resource Name) of the IAM User. Copy this down somewhere as you’ll need to paste it into the bucket policy soon.
Creating an S3 Bucket
Now that your IAM User is created and configured, we can create an S3 bucket and attach a policy that allows that user to read/write all data in the bucket.
From the service catalog, select S3.
You’ll see a listing of all your buckets. Click Create bucket.
Give the bucket a name that conforms to the naming policy they mention next to the field. I’ll use uomyproject
.
Leave all the other settings as defaults. I chose to add the project: myproject
tag to this bucket as well.
Once your bucket is created, you’ll be back at the S3 bucket list. Click on your new bucket to configure it.
We need to add the IAM user to the bucket policy. Click the Permissions tab.
Scroll down to the Bucket policy section and click Edit.
This is the policy for my bucket. You’ll need to change a few elements in this policy:
The
AWS
field needs to be your IAM User ARN you copied earlierThe two
Resource
entries should use your Bucket name
You can see for this example, my IAM User ARN is arn:aws:iam::492329369658:user/uomyprojects3user
and my Bucket name is uomyproject
.
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::492329369658:user/uomyprojects3user"
},
"Action": "s3:*",
"Resource": [
"arn:aws:s3:::uomyproject",
"arn:aws:s3:::uomyproject/*"
]
}
]
}
Save the policy.
Accessing your S3 Bucket
See Accessing your S3 files on how to easily access your S3 bucket files.
See Mounting your S3 Bucket to your filesystem on how to mount your S3 bucket to your filesystem.