Amazon S3 (Simple Storage Service) is a robust and scalable cloud storage solution businesses and developers use worldwide. However, to securely manage and organize resources in AWS, it’s crucial to use the Identity and Access Management (IAM) service effectively. This guide walks you through setting up full S3 access for a new IAM user and creating an S3 bucket.
Step 1: Logging into AWS as the Root User
To begin, log in to your AWS Management Console using the root user credentials. Since the root user has unrestricted access, it is best to use this account only for initial setup and account management tasks.
- Navigate to AWS Login.
- Enter your root account email and password.
- Once logged in, consider enabling multi-factor authentication (MFA) for enhanced security.
Step 2: Creating a New IAM User
An IAM user is essential for securely delegating access to AWS resources. Here’s how to create one:
- Go to the IAM Dashboard:
- From the AWS Management Console, search for and open the IAM service.
- Create a New User:
- Click on Users in the left-hand navigation pane.
- Select Add users.
- Enter a username (e.g., S3AdminUser).
- Under Access type, choose Programmatic access (for API/CLI access) or AWS Management Console access (for GUI access), depending on your needs.
- Set a custom password if choosing console access.
- Permissions:
- Skip permission assignment for now by selecting Attach policies later.
- Review and Create:
- Review your configurations and click Create user.
- Download the .csv file containing the user’s Access Key ID and Secret Access Key for future use.
Step 3: Crafting a Policy for Full S3 Access
AWS IAM policies define the actions a user can perform on AWS services. To provide full S3 access:
- Open the IAM Policies Page:
- Navigate to Policies in the IAM dashboard.
- Click Create policy.
- Define the Policy:
Use the following JSON code for full S3 access:
{
“Version”: “2012-10-17”,
“Statement”: [
{
“Effect”: “Allow”,
“Action”: “s3:*”,
“Resource”: “*”
}
]
}
- Click Next and give the policy a name, such as FullS3AccessPolicy.
- Review and Create:
- Review the details and click Create Policy.
Step 4: Attaching the Policy to the New IAM User
With the policy created, the next step is attaching it to the IAM user.
- Navigate to the User:
- Return to the Users section in the IAM dashboard.
- Click on the username you created (e.g., S3AdminUser).
- Attach Policy:
- Select the Permissions tab.
- Click Add permissions > Attach existing policies directly.
- Search for the FullS3AccessPolicy created earlier and select it.
- Click Next and then Add permissions.
Step 5: Logging in as the New IAM User and Creating an S3 Bucket
Finally, use the new IAM user’s credentials to log in and create an S3 bucket.
- Login with the New IAM User:
- Use the AWS sign-in page for IAM users (URL: https://<YourAWSAccountID>.signin.aws.amazon.com/console).
- Enter the IAM user’s credentials.
- Navigate to the S3 Service:
- Once logged in, search for and open the S3 service from the AWS Management Console.
- Create an S3 Bucket:
- Click Create bucket.
- Enter a unique bucket name (e.g., my-unique-bucket-name).
- Choose a region where the bucket will be created.
- Configure other settings like public access and encryption as needed.
- Click Create bucket.
Conclusion
You’ve successfully set up full S3 access for a new IAM user and created an S3 bucket. Assigning specific roles and policies enhances your cloud security posture while ensuring operational flexibility.
References
Example 1: Bucket owner granting its users bucket permissions