Introduction to AWS IAM and S3 Buckets
Amazon Web Services (AWS) offers robust tools for efficiently managing cloud resources. AWS Identity and Access Management (IAM) is a service that helps you securely control access to AWS resources. At the same time, Amazon S3 (Simple Storage Service) provides scalable, durable, and highly available object storage. Together, they empower developers to build secure, high-performing applications.
This guide walks you through creating an IAM user and an S3 bucket programmatically using Python and Boto3, the AWS SDK for Python.
Setting Up Your AWS Environment
Before diving into Python scripting, ensure your AWS environment is set up:
- Create an AWS account if you don’t already have one.
- Navigate to the AWS Management Console.
- Familiarize yourself with the IAM and S3 services.
Creating a Virtual Environment for Python Development
Using a virtual environment isolates your Python projects and dependencies. Follow these steps:
- Install virtualenv:
  pip install virtualenv
- Create a new virtual environment:
  virtualenv aws_env
- Activate the environment:
  - On Windows:
    aws_env\Scripts\activate
  - On macOS/Linux:
    source aws_env/bin/activate
Installing Boto3: The AWS SDK for Python
Boto3 simplifies interaction with AWS services. Install it in your virtual environment:
pip install boto3
Configuring AWS Credentials in Cloud9
Your credentials are automatically configured if you’re using AWS Cloud9 as your IDE. For local environments, use the AWS CLI:
- Install the AWS CLI:
  pip install awscli
- Configure your AWS credentials:
  aws configure
Enter your Access Key ID, Secret Access Key, default region, and output format.
Creating a New IAM User with Boto3
Here’s how to create an IAM user programmatically:
```python
import boto3

iam = boto3.client('iam')


def create_iam_user(user_name):
    # CreateUser fails with EntityAlreadyExists if the name is already taken
    response = iam.create_user(UserName=user_name)
    print(f"IAM user {user_name} created successfully.")
    return response


create_iam_user('example_user')
```
Assigning Permissions to the IAM User
Grant permissions by attaching a policy:
```python
def attach_user_policy(user_name, policy_arn):
    # Attaches an existing managed policy; the user gains every permission it grants
    iam.attach_user_policy(
        UserName=user_name,
        PolicyArn=policy_arn
    )
    print(f"Policy {policy_arn} attached to user {user_name}.")


# AWS-managed policy that grants full S3 access across every bucket in the account
policy_arn = 'arn:aws:iam::aws:policy/AmazonS3FullAccess'
attach_user_policy('example_user', policy_arn)
```
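A managed policy such as AmazonS3FullAccess grants s3:* on every bucket in the account, which is far more than a user who works with one bucket needs. The following is an added example (not code from the original article) that builds a policy scoped to a single bucket, refuses to apply any document that still carries wildcard grants, and attaches it inline with the real Boto3 call iam.put_user_policy. The policy name S3OneBucketAccess, the bucket name and the _StubIam client used so the example runs offline are assumptions; pass boto3.client('iam') in place of the stub against a real account.

```python
# Added example: least-privilege alternative to attaching AmazonS3FullAccess.
# Assumptions: bucket name, policy name and the stub IAM client below.
import json


def scoped_bucket_policy(bucket_name):
    """Return an IAM policy document granting read/write on one bucket only."""
    bucket_arn = f"arn:aws:s3:::{bucket_name}"
    return {
        "Version": "2012-10-17",
        "Statement": [
            {   # listing needs the bucket ARN itself ...
                "Sid": "ListOneBucket",
                "Effect": "Allow",
                "Action": ["s3:ListBucket"],
                "Resource": bucket_arn,
            },
            {   # ... while object operations need the bucket ARN plus /*
                "Sid": "ObjectReadWrite",
                "Effect": "Allow",
                "Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"],
                "Resource": f"{bucket_arn}/*",
            },
        ],
    }


def find_wildcard_grants(policy_doc):
    """List Allow statements whose Action or Resource is a wildcard."""
    findings = []
    for stmt in policy_doc.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        actions = stmt.get("Action", [])
        resources = stmt.get("Resource", [])
        # both fields may be a single string or a list in IAM JSON
        actions = [actions] if isinstance(actions, str) else actions
        resources = [resources] if isinstance(resources, str) else resources
        sid = stmt.get("Sid", "<no Sid>")
        for action in actions:
            if action == "*" or action.endswith(":*"):
                findings.append(f"{sid}: wildcard action {action}")
        for resource in resources:
            if resource == "*":
                findings.append(f"{sid}: wildcard resource")
    return findings


def attach_scoped_policy(iam, user_name, bucket_name, policy_name="S3OneBucketAccess"):
    """Attach the single-bucket policy inline; refuse to apply wildcard grants."""
    doc = scoped_bucket_policy(bucket_name)
    problems = find_wildcard_grants(doc)
    if problems:
        raise ValueError("refusing to attach over-broad policy: " + "; ".join(problems))
    # put_user_policy is the real Boto3 call (PolicyDocument is a JSON string)
    iam.put_user_policy(UserName=user_name, PolicyName=policy_name,
                        PolicyDocument=json.dumps(doc))
    return doc


class _StubIam:
    """Constructed stand-in for boto3.client('iam') so the example runs offline."""

    def __init__(self):
        self.calls = []

    def put_user_policy(self, **kwargs):
        self.calls.append(kwargs)
        return {"ResponseMetadata": {"HTTPStatusCode": 200}}


if __name__ == "__main__":
    stub = _StubIam()
    attach_scoped_policy(stub, "example_user", "my-example-bucket")
    print(json.dumps(stub.calls[0], indent=2))
    # A constructed wildcard document, shaped like a full-access policy, is flagged:
    broad = {"Version": "2012-10-17",
             "Statement": [{"Sid": "Full", "Effect": "Allow", "Action": "s3:*", "Resource": "*"}]}
    print(find_wildcard_grants(broad))
```

Inline policies are deleted together with the user, which also simplifies the clean-up step later; a customer-managed policy (iam.create_policy followed by attach_user_policy) is the better choice when several users need the same grant.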
Creating an S3 Bucket and Uploading Files
Create an S3 bucket and upload a file to it:
```python
# The LocationConstraint below must match the client's region, otherwise
# create_bucket fails with IllegalLocationConstraintException
s3 = boto3.client('s3', region_name='us-west-2')


def create_s3_bucket(bucket_name):
    # bucket names are global; the call fails if the name is already taken
    s3.create_bucket(Bucket=bucket_name,
                     CreateBucketConfiguration={'LocationConstraint': 'us-west-2'})
    print(f"Bucket {bucket_name} created successfully.")


def upload_file_to_s3(bucket_name, file_name, object_name):
    # upload_file reads the local path and stores it under object_name
    s3.upload_file(file_name, bucket_name, object_name)
    print(f"File {file_name} uploaded to bucket {bucket_name} as {object_name}.")


create_s3_bucket('my-example-bucket')
upload_file_to_s3('my-example-bucket', 'local_file.txt', 'uploaded_file.txt')
```
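Two things are worth settling before the first object lands in a new bucket: the region edge case (us-east-1 rejects a LocationConstraint, every other region requires one) and the bucket's public-access and encryption posture. The following is an added example, not code from the original article, that builds the create_bucket arguments region-aware, applies a Public Access Block and default SSE-S3 encryption with the real Boto3 calls put_public_access_block and put_bucket_encryption, and reads both settings back to verify them. The bucket name, region and the in-memory _StubS3 client are assumptions; substitute boto3.client('s3', region_name=...) for the stub against a real account.

```python
# Added example: region-aware bucket creation plus public-access block and
# default encryption, verified after the fact. Stub client is constructed.
PUBLIC_ACCESS_BLOCK = {
    "BlockPublicAcls": True,
    "IgnorePublicAcls": True,
    "BlockPublicPolicy": True,
    "RestrictPublicBuckets": True,
}


def bucket_create_kwargs(bucket_name, region):
    """Build create_bucket arguments; us-east-1 must NOT carry a LocationConstraint."""
    kwargs = {"Bucket": bucket_name}
    if region != "us-east-1":
        kwargs["CreateBucketConfiguration"] = {"LocationConstraint": region}
    return kwargs


def create_hardened_bucket(s3, bucket_name, region):
    """Create the bucket, block public access, enforce SSE-S3, then verify."""
    s3.create_bucket(**bucket_create_kwargs(bucket_name, region))
    s3.put_public_access_block(
        Bucket=bucket_name,
        PublicAccessBlockConfiguration=PUBLIC_ACCESS_BLOCK,
    )
    s3.put_bucket_encryption(
        Bucket=bucket_name,
        ServerSideEncryptionConfiguration={
            "Rules": [{"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "AES256"}}]
        },
    )
    return verify_bucket_hardening(s3, bucket_name)


def verify_bucket_hardening(s3, bucket_name):
    """Read the settings back and report which controls are actually in place."""
    pab = s3.get_public_access_block(Bucket=bucket_name)["PublicAccessBlockConfiguration"]
    enc = s3.get_bucket_encryption(Bucket=bucket_name)["ServerSideEncryptionConfiguration"]
    return {
        "public_access_blocked": all(pab.get(k) for k in PUBLIC_ACCESS_BLOCK),
        "default_encryption": enc["Rules"][0]["ApplyServerSideEncryptionByDefault"]["SSEAlgorithm"],
    }


class _StubS3:
    """Constructed in-memory stand-in for boto3.client('s3') (offline only)."""

    def __init__(self):
        self.buckets = {}

    def create_bucket(self, Bucket, **kwargs):
        self.buckets[Bucket] = {"create_kwargs": kwargs}
        return {"Location": f"/{Bucket}"}

    def put_public_access_block(self, Bucket, PublicAccessBlockConfiguration):
        self.buckets[Bucket]["pab"] = dict(PublicAccessBlockConfiguration)

    def get_public_access_block(self, Bucket):
        return {"PublicAccessBlockConfiguration": self.buckets[Bucket]["pab"]}

    def put_bucket_encryption(self, Bucket, ServerSideEncryptionConfiguration):
        self.buckets[Bucket]["enc"] = ServerSideEncryptionConfiguration

    def get_bucket_encryption(self, Bucket):
        return {"ServerSideEncryptionConfiguration": self.buckets[Bucket]["enc"]}


if __name__ == "__main__":
    stub = _StubS3()
    print(create_hardened_bucket(stub, "my-example-bucket", "us-west-2"))
    print(bucket_create_kwargs("my-example-bucket", "us-east-1"))
```

Buckets created in recent accounts already get both controls by default, but setting them explicitly and verifying keeps the script correct in older accounts and makes later drift (someone relaxing the block to publish a file) visible on the next run.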
Cleaning Up: Deleting the IAM User and S3 Bucket
Always clean up unused resources to avoid unnecessary charges:
```python
def delete_iam_user(user_name):
    # delete_user fails with DeleteConflict while policies, access keys or
    # group memberships remain, so detach the policy first
    iam.detach_user_policy(UserName=user_name,
                           PolicyArn='arn:aws:iam::aws:policy/AmazonS3FullAccess')
    iam.delete_user(UserName=user_name)
    print(f"IAM user {user_name} deleted successfully.")


def delete_s3_bucket(bucket_name):
    # list_objects_v2 returns at most 1000 keys per call; paginate so larger
    # buckets are fully emptied, since delete_bucket requires an empty bucket
    paginator = s3.get_paginator('list_objects_v2')
    for page in paginator.paginate(Bucket=bucket_name):
        for obj in page.get('Contents', []):
            s3.delete_object(Bucket=bucket_name, Key=obj['Key'])
    s3.delete_bucket(Bucket=bucket_name)
    print(f"Bucket {bucket_name} deleted successfully.")


delete_iam_user('example_user')
delete_s3_bucket('my-example-bucket')
```
Conclusion: Enhancing Your AWS Skills
Congratulations! You’ve successfully:
- Set up a Python virtual environment.
- Installed and configured Boto3.
- Created an IAM user and assigned permissions.
- Created an S3 bucket, uploaded files, and cleaned up resources.
These foundational skills prepare you to manage AWS services programmatically. To deepen your expertise, keep exploring AWS documentation and resources.